09-25-2002 11:03 PM
We are using Novell's iChain services for authentication of remote users. We need resilience and the CSS11051 was recommended by Cisco using WebNS4.01.
The user, after presenting their digital certificate, will get redirected from port 80 to port 443. Another requirement is that there be stickiness configured based on the SSL session ID.
Has anyone done this configuration before and gotten it to work correctly?
09-30-2002 01:54 PM
You can provide resilience a number of ways with the CSS products and this enables it to provide many solutions - although you should look at using a later version of code than 4.01 - Check CCO for latest.
The CSS can stick on SSL session id, but this is not really practical in the real world due to an issue with Microsoft explorer, where it renegotiates the SSL session id every few minutes. (Netscape is fine). So unless you can guarantee that your user base will run only Netscape browsers :) , SSL sticky will not work.
A preferred method is to incorporate an SSL offload device into the design - this enables several benefits:
Offload SSL processing from your servers
Provide SSL redundancy (several SSL offload devices can be used in a cluster)
Provide sticky for SSL - this is because the SSL session is terminated on the SSL device and then passed back to the real server as cleartext, so you can now stick based on a whole range of attributes - URL, cookie etc.
To work effectively, this needs to be incorporated into your content switch design.
Regards,
Darren.
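An added illustration, not part of the original thread and not CSS configuration: a small Python simulation of the stickiness behaviour described in the reply above, comparing a sticky table keyed on the SSL session ID with one keyed on a cookie that becomes visible once SSL is terminated in front of the balancer. The backend names, the round-robin balancer and the renegotiation interval are assumptions made for the example.

```python
import hashlib
import itertools

BACKENDS = ["server-a", "server-b", "server-c"]  # hypothetical real servers


class StickyBalancer:
    """Round-robin for unknown keys; known keys return to the same backend."""

    def __init__(self, backends):
        self._next = itertools.cycle(backends)
        self.table = {}  # sticky key -> backend

    def pick(self, key):
        if key not in self.table:
            self.table[key] = next(self._next)
        return self.table[key]


def session_id(client, epoch):
    """Constructed stand-in for the SSL session ID a client holds in one epoch."""
    return hashlib.sha256(f"{client}:{epoch}".encode()).hexdigest()[:16]


def simulate(clients, requests, renegotiate_every, stick_on):
    """Count how often a client is moved to a different backend mid-session.

    stick_on="ssl_id": the balancer sees only the SSL session ID.
    stick_on="cookie": SSL is terminated upstream, so a stable cookie is visible.
    renegotiate_every: requests between new session IDs (0 = never changes).
    """
    lb = StickyBalancer(BACKENDS)
    moves = 0
    for client in clients:
        last = None
        for n in range(requests):
            epoch = n // renegotiate_every if renegotiate_every else 0
            if stick_on == "ssl_id":
                key = session_id(client, epoch)
            else:
                key = f"cookie={client}"
            backend = lb.pick(key)
            if last is not None and backend != last:
                moves += 1  # authenticated state on the old backend is lost
            last = backend
    return moves
```

Each move in the `ssl_id` case corresponds to a user landing on a server that has no record of their authenticated session, which is the failure the reply attributes to session ID renegotiation.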
09-30-2002 10:39 PM
Thanks Darren, I will test your suggestion.