vADC Forum

Reply
Occasional Contributor
Posts: 7
Registered: ‎01-24-2017

SSL Decryption and v10.1, issue ?

[ Edited ]

I have the load balancer set up to redirect my virtual server from HTTP to HTTPS. The HTTPS virtual server is set to enable SSL Decryption. Both the HTTP and HTTPS virtual server are using the same pool. 

 

When I have just the redirect disabled and use port 80 my application works. When I enable the redirect and go through the port 443 virtual server. My Application gets called, but it looks like Jetty is trying to start up SSL. Though the SSL decrypt is enabled and internal protocol is set to HTTP. 

 

I expected the internal application would not know the difference at this point. Shouldn't it?

 

My application is not logging anything and I believe it is not starting up. Though Jetty is returning a 401 error when getting data from the https virtual server.

 

And relatively new at this.

 

Thanks,

Mike

 

Occasional Contributor
Posts: 7
Registered: ‎01-24-2017

Re: SSL Decryption and v10.1, issue ?

Sorry, think I am in the wrong forum for my vTM question. Moving it to the Virtual Router forum.

Thanks.

Community Manager
Posts: 143
Registered: ‎03-03-2014

Re: SSL Decryption and v10.1, issue ?

Michael,

 

We are working on your question.   Also, I will move your original question to the right forum to make sure we are not duplicating the question to the Community.

 

Thank you

Jason McClellan
Community Manager
@jason_cmgr

Occasional Contributor
Posts: 7
Registered: ‎01-24-2017

Re: SSL Decryption and v10.1, issue ?

Awesome, I created a second message on the Virtual router forum. Thinking I was helping. Smiley Happy

There may be some well known cookbook recipe I am unaware needs applied, or something. 

Thanks,

Mike

Occasional Contributor
Posts: 7
Registered: ‎01-24-2017

Re: SSL Decryption and v10.1, issue ?

BTW Jetty is v6
and vTM is v10.1
Occasional Contributor
Posts: 7
Registered: ‎01-24-2017

Re: SSL Decryption and v10.1, issue ?

@jason_cmgr,

Found out the Crypto packages are not loading for SSL, but to decrypt a header line we insert from the calling application to validate the caller. How in traffic script can I redirect HTTP->HTTPS, but make sure this header is propagated to the HTTPS port ? Header appears to be using the Authorization header with our own custom realm and payload.

Occasional Contributor
Posts: 7
Registered: ‎01-24-2017

Re: SSL Decryption and v10.1, issue ?

@jason_cmgr,

 

Surprise, found the Application is using OAuth between servers to authenticate the source of the call. Client computes the signature with "https" as the protocol. The client attempts to verify the signature constructing the signature with "http." Not match there, 401.

 

I expect this is beyong Brocade, but I am listening if there are any ideas.

 

Thanks,

Mike

 

Brocadian
Posts: 95
Registered: ‎04-22-2015

Re: SSL Decryption and v10.1, issue ?

Hello, I wanted to check to see if you had seen the other articles on HTTPS redirection. One uses the simple RuleBuilder to set up redirection, the other shows how you might have more flexibility using TrafficScript. Make sure you have your redirection set up as "Request" rules - rather than as "Response" rules.

 

http://community.brocade.com/t5/vADC-Docs/HowTo-Redirect-HTTP-clients/ta-p/78222

http://community.brocade.com/t5/vADC-Forum/Redirect-HTTPS-URL/td-p/72667

 

If you need more support on the exact configuration, then your local SE or support contact may be able to take a closer look - however, note that you should really upgrade to at least 10.4, which is supported under the LTS (Long Term Support) program.

 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.