Doug_104173
Sep 07, 2010 | Nimbostratus
Load Balancing SSL LDAP requests
Has anyone load balanced client requests over SSL through a BigIP to a pool of Red Hat directory servers? I would like to make a master and slave pair highly available behind my BigIP load balancers, but the SSL part is killing me.
The way I see it, you would have to generate 2 certificates on the load balancer: one to give to the client making the request, the other you would install into the Directory Server, which would serve as a node in a pool on the BigIP. The BigIP would then decrypt the SSL request from the client and then re-encrypt the traffic to whichever Directory Server it was sending it to. I know you can just do an SSL pass-through on the BigIP and add a SAN to your existing certificate from the directory server, but I thought having the BigIP do all the decrypting and manage the certificates would be a more manageable solution.
I've set all this up, by the way, but of course my test machine is no longer binding to the LDAP server. I've scoured the internet and not found a good how-to describing how to accomplish what I seek.