
ML
May 14, 2014

https only on pool, client running http

Hello, is it doable? If the client is https, it works; if I remove the client certificate, I get a "connection reset". And if I need a client certificate to the pool (which the client won't offer, being http), is it hopeless?! Thanks for your insights.

 

4 Replies

  • You can certainly do HTTP on the client side and HTTPS on the server side. You basically just apply a serverssl profile to the VIP. If the web server needs a client certificate, then you'll need to import a cert and private key and assign those to your serverssl profile.

     

    The one significant caveat to this might be how the application functions. In a similar fashion to client side HTTPS and server side HTTP "reverse proxy" issues, if the server is unaware that it's behind a proxy, and uses absolute URLs to reference internal objects, then you may have issues when the HTML page renders but internal document objects (images, JavaScript, CSS, etc.) have https:// URLs. This isn't a given, and actually somewhat rare these days, but definitely something to look out for if you run into issues.
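The absolute-URL caveat in the reply above can be checked by fetching a response directly from the pool member and looking for absolute https:// references to the backend's own name. The following is an added example, not part of the original reply; the host name `app01.internal.example` and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a client fetch a sub-resource or follow a link.
URL_ATTRS = {"src", "href", "action"}

class AbsoluteUrlFinder(HTMLParser):
    """Collect absolute https:// URLs that point at the backend's own names."""
    def __init__(self, backend_hosts):
        super().__init__()
        self.backend_hosts = {h.lower() for h in backend_hosts}
        self.findings = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            parts = urlsplit(value)
            # Relative URLs and URLs on other hosts are left alone; only
            # absolute https:// URLs on a backend name bypass the HTTP VIP.
            if parts.scheme == "https" and (parts.hostname or "") in self.backend_hosts:
                self.findings.append((tag, name, value))

def check_response(headers, body, backend_hosts):
    """Return absolute https:// references to backend hosts in headers and body."""
    finder = AbsoluteUrlFinder(backend_hosts)
    finder.feed(body)
    findings = list(finder.findings)
    location = headers.get("Location", "")
    if location:
        loc = urlsplit(location)
        if loc.scheme == "https" and (loc.hostname or "") in finder.backend_hosts:
            findings.append(("header", "Location", location))
    return findings

# Constructed sample response, as a pool member unaware of the proxy might send it.
SAMPLE_HEADERS = {"Location": "https://app01.internal.example/login"}
SAMPLE_BODY = """<html><head>
<link rel="stylesheet" href="https://app01.internal.example/css/site.css">
<script src="/js/app.js"></script>
</head><body>
<img src="https://APP01.internal.example/img/logo.png">
<a href="https://www.example.org/help">help</a>
<form action="submit.do"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in check_response(SAMPLE_HEADERS, SAMPLE_BODY, ["app01.internal.example"]):
        print(f"{tag:6} {attr:8} {url}")
```

Any finding means an HTTP client would be sent to an https:// backend URL instead of the HTTP virtual server, so the response needs rewriting on the proxy or the application needs to emit relative URLs.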

     

  • ML

    Hi Kevin, thanks for answering. As a matter of fact that's exactly what we are doing, but it fails with a connection reset nonetheless! Since it's a webservice, there are no rewrite issues wrt content; we only need to rewrite the host header, which we do (but it is currently useless as we don't get past the SSL authentication issue). If you have an idea on how to troubleshoot this one, I'm all ears as we are kinda stuck now. Maybe you can see something wrong in the following? It's the first frame of the query. Edit: fixed in the following post

     

  • ML

    update: now working, thanks Kevin!

     

  • You've provided one SYN packet. Is that on the server side of the proxy? Is there any traffic after that?