A simple SSL offloading setup terminates SSL traffic (HTTPS), decrypts the SSL records, and forwards the clear text (HTTP) traffic to the back-end web servers. Clear text traffic is vulnerable to being spoofed, read, stolen, or compromised by individuals who succeed in gaining access to the back-end network devices or web servers.
You can, therefore, configure SSL offloading with end-to-end security by re-encrypting the clear text data and using secure SSL sessions to communicate with the back-end Web servers.
Configure the back-end SSL transactions so that the appliance uses SSL session multiplexing to reuse existing SSL sessions with the back-end web servers. It helps in avoiding CPU-intensive key exchange (full handshake) operations and also reduces the overall number of SSL sessions on the server. As a result, it accelerates the SSL transaction while maintaining end-to-end security.
- Download the
ssl-offloading-with-end-to-end-encryptionfolder into your local machine. - Change the directory to
ssl-offloading-with-end-to-end-encryptionfolder. - Fill the target Citrix ADC in
provider.tf - Fill the service, lb-vserver, certkey details in
input.auto.tfvars - Run
terraform initto initialise the terraform environment - Run
terraform applyto apply the ssl offloading configuration to the target Citrix ADC via terraform.
- Citrix Docs: Configure SSL offloading with end-to-end encryption