No Server Certificate Validation

HaroldUrregoHaroldUrrego Member

Hello Team


I currently have a server that does not load the page because it has an expired certificate.


I was asked to pass this service through the balancer and have the A10 not validate the server certificate and load the page.


On the advanced configuration of the server's virtual port I enabled the NO SSL option, as I understood it would do that process but it is not effective.


Is it possible that the balancer performs this task, or is it not possible.

Comments

  • mdunnmdunn Member, A10ers ✭✭✭

    If the certificate is invalid on the SLB server, we can ignore this in the server-ssl template by setting "server-certificate-error ignore". Alternatively, if the server allows http connections on port 80, we could configure a port 80 service-group to use.

    Either of these approaches will require a valid SSL certificate in the client-ssl template to prevent a client from receiving a certificate warning.

  • ClararClarar Member

    Addressing an invalid certificate on the SLB server, your proposed solutions—ignoring the certificate error or configuring a port 80 service-group—are viable workarounds. However, ensuring a valid SSL certificate in the client-ssl template is crucial to maintain secure connections without client warnings. It's a strategic balancing act for seamless functionality.

  • mdunnmdunn Member, A10ers ✭✭✭

    Agreed. Security concerns and requirements across the public Internet are different than those required within the data center network. Valid client encryption across the Internet is required. Within the data center, we may be able to allow cleartext communication between the A10 and SLB Server. The architecture and design should align with the network security requirements and compliance standards for the given application.

Sign In or Register to comment.