b) Local Traffic -> Virtual Servers -> Profiles -> Protocol -> TCP -> Create New
Name: apache-tcp-wan
Parent Profile: tcp-wan-optimized (if users connect to Apache from remote places - client side TCP connections)
7) Create Persistence Profiles
a) Local Traffic -> Virtual Servers -> Profiles -> Persistence -> Create New
Name: apache-cookie
Type: Cookie
b) Local Traffic -> Virtual Servers -> Profiles -> Persistence -> Create New
Name: apache-source
Type: Source Address Affinity
Finish
8) Create OneConnect profile (client requests can utilize existing, server-side connections - recommended to provide significant performance improvements)
Local Traffic -> Virtual Servers -> Profiles -> Other Profiles -> Create New
Name: apache-oneconnect
Type: oneconnect
9) Create Virtual Servers for HTTP traffic
Local Traffic -> Virtual Servers -> Create New
Name: your choice
Destination: Host - provide the IP address
Service Port: 80 HTTP
Configuration: Advanced:
Type: Standard
Protocol: TCP
Protocol Profile (Client): apache-tcp-wan
Protocol Profile (Server): apache-tcp-lan
OneConnect Profile: apache-oneconnect
HTTP Profile: apache-http-opt
Finish
Navigate to created virtual server -> Resources
Default Pool: Select the pool created above
Default Persistence Profile: apache-cookie
Fallback Persistence Profile: apache-source
10) Import CA root certs if your CA is not a recognized CA (your organization can even act as its own CA for self-signed certs)
Local Traffic -> SSL Certificates -> Import ->
Import Type: Certificate
Certificate Name: Create New -> Your choice
Certificate Source: Upload File -> Upload the root CA cert for your organization
Local Traffic -> SSL Certificates -> Import ->
Import Type: Certificate
Certificate Name: Create New -> Your choice
Certificate Source: Upload File -> Upload the intermediate CA cert for your organization
10) Create CSR
Local Traffic -> SSL Certificates -> Create
Provide Name, Issuer: Certificate Authority and other details
Download the CSR
Finish
You will see a key record created under SSL certificates
11) Certificate Authorization
Login to the Microsoft Certificate Server
Request a certificate -> Advanced Certificate Request -> Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Certificate Request: Browse & insert the CSR file created above
Certificate Template: Web Server
Attributes: san:dns=www.mydomain.com&dns=secure.mydomain.com
(The Attributes parameter works like a list of aliases, so one cert can be used for multiple domains)
Submit
Download and save the certificate.
Open the certificate -> Go to Details tab -> Subject Alternative Name
Check that the aliases are listed
12) Import SSL certificate into LTM
Local Traffic -> SSL Certificates -> Navigate to the CSR/Key created above.
Upload the Cert and Import
13) Create a Client SSL Profile
Local Traffic -> Virtual Servers -> Profiles -> SSL -> Create New
Name: your choice
Certificate: As created or imported above
Key: As created or imported above
Chain: Your company's Chain cert imported above
Trusted CA: Your company's CA cert imported above
Finish
14) Create Virtual Servers for HTTPS traffic
Local Traffic -> Virtual Servers -> Create New
Name: your choice
Destination: Host - provide the IP address
Service Port: 443 HTTPS
Configuration: Advanced:
Type: Standard
Protocol: TCP
Protocol Profile (Client): apache-tcp-wan
Protocol Profile (Server): apache-tcp-lan
OneConnect Profile: apache-oneconnect
HTTP Profile: apache-http-opt
SSL Profile (Client): Select the Client SSL profile created above
Finish
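
A check to run between steps 11 and 12, as an added example that is not part of the original post: it confirms that the certificate downloaded from the CA carries the same public key as the CSR created on the LTM and that its Subject Alternative Name lists every expected DNS name. The function and file names are assumptions, and the demo key, CSR and self-signed certificate are constructed so the script runs offline with only the openssl CLI.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function and file names are assumptions.

# Print the DNS entries of a certificate's Subject Alternative Name, one per line.
# Intended for leaf (web server) certificates.
cert_dns_sans() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2
}

# Return 0 only if the certificate carries the CSR's public key and its SAN
# lists every expected DNS name; return 2 if a file cannot be parsed.
# Usage: check_issued_cert issued.crt request.csr www.mydomain.com secure.mydomain.com
check_issued_cert() {
    local cert="$1" csr="$2" rc=0 name cert_key csr_key
    shift 2
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    csr_key=$(openssl req -in "$csr" -noout -pubkey) || return 2
    if [ "$cert_key" != "$csr_key" ]; then
        echo "FAIL: certificate public key does not match the CSR" >&2
        rc=1
    fi
    for name in "$@"; do
        if ! cert_dns_sans "$cert" | grep -qxF -- "$name"; then
            echo "FAIL: SAN does not list $name" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo material: a throwaway key and CSR standing in for the ones
# created on the LTM, and a self-signed certificate standing in for the CA's.
make_demo() {  # $1 = existing output directory
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.mydomain.com" \
        -keyout "$1/demo.key" -out "$1/demo.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:www.mydomain.com,DNS:secure.mydomain.com\n' \
        > "$1/san.ext" &&
    openssl x509 -req -in "$1/demo.csr" -signkey "$1/demo.key" -days 1 \
        -extfile "$1/san.ext" -out "$1/demo.crt" 2>/dev/null
}
```

A certificate whose public key differs from the CSR's will not pair with the private key that was generated alongside that CSR, so a non-zero result here means the wrong file was downloaded or the wrong request was submitted.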