Configure SSL offload and acceleration on a Citrix ADC VPX appliance
A Citrix ADC appliance configured for SSL acceleration transparently accelerates SSL transactions by offloading SSL processing from the server. To configure SSL offloading, you configure a virtual server to intercept and process SSL transactions, and send the decrypted traffic to the server (unless you configure end-to-end encryption, in which case the traffic is re-encrypted). Upon receiving the response from the server, the appliance completes the secure transaction with the client. From the client’s perspective, the transaction seems to be directly with the server. A Citrix ADC configured for SSL acceleration also performs other configured functions, such as load balancing.
Configuring SSL offloading requires an SSL certificate and key pair, which you must obtain if you do not already have an SSL certificate. Other SSL-related tasks that you might need to perform include managing certificates, managing certificate revocation lists, configuring client authentication, and managing SSL actions and policies.
Before you begin
Before you start configuring SSL offloading and acceleration on a Citrix ADC VPX appliance, make sure that:
- You have deployed a Citrix ADC VPX appliance and the appliance is UP and running in your setup. For more information, see Deploy a Citrix ADC VPX instance.
- You have added a subnet IP (SNIP) address on the Citrix ADC appliance. A Citrix ADC uses a subnet IP (SNIP) address as a source IP address to proxy client connections to servers. For more information, see Configuring Subnet IP Addresses.
- You have a basic understanding of the load balancing feature of a Citrix ADC appliance. For more information, see:
- You have a basic understanding of the SSL offload feature of a Citrix ADC appliance. For more information, see:
- You have a basic understanding of the Citrix ADC NITRO REST APIs. For more information, see Citrix ADC NITRO API reference.
Configuration steps
Configuring SSL offloading on a Citrix ADC appliance using NITRO REST APIs consists of the following steps:
- Create a load balancing virtual server of type SSL
- Create load balancing services of type SSL
- Bind the services to the load balancing server
- Add a certificate key pair
- Bind the certificate-key pair to the SSL virtual server
Create a load balancing virtual server of type SSL
To create a load balancing virtual server on a Citrix ADC VPX appliance, you use the lbvserver NITRO API object.
For more information about the lbvserver object and its properties, see Citrix NITRO API reference for lbvserver.
Create load balancing services of type SSL
To create a load balancing service on a Citrix ADC VPX appliance, you use the service NITRO API object.
You must create a service for each server to be load balanced.
For more information about the service object and its properties, see Citrix NITRO API reference for service.
Bind the services to the load balancing server
To bind the created services to the load balancing server, you use the lbvserver_service_binding NITRO API object.
For more information about the lbvserver_service_binding object and its properties, see Citrix NITRO API reference for lbvserver_service_binding.
Add a certificate key pair
To add a certificate key pair on a Citrix ADC appliance, you use the sslcertkey NITRO API object.
For more information about the sslcertkey object and its properties, see Citrix NITRO API reference for sslcertkey.
Bind the certificate-key pair to the SSL virtual server
To bind the certificate-key pair to the SSL virtual server, you use the sslvserver_binding NITRO API object.
For more information about the sslvserver_binding object and its properties, see Citrix NITRO API reference for sslvserver_binding.
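The five steps above as an ordered set of NITRO calls, with a pre-flight check that the server leg stays encrypted and that nothing is bound before it exists. This is an added example, not code from the Citrix documentation. All names, addresses and file names are constructed, and the property names and the use of sslvserver_sslcertkey_binding (the certificate-specific member of the sslvserver_binding family) are assumptions to verify against the NITRO reference for your release.

```python
import json

NITRO_URL = "https://{nsip}/nitro/v1/config/{resource}"

def build_plan(nsip, vserver, vip, backends, certkey, cert_file, key_file):
    """Return the five steps as ordered (method, url, body) NITRO calls."""
    def call(method, resource, props):
        url = NITRO_URL.format(nsip=nsip, resource=resource)
        return (method, url, {resource: props})
    plan = [call("POST", "lbvserver", {"name": vserver, "servicetype": "SSL",
                                       "ipv46": vip, "port": 443})]
    for name, ip in backends:  # one service per load-balanced server
        plan.append(call("POST", "service", {"name": name, "ip": ip,
                                             "servicetype": "SSL", "port": 443}))
    for name, _ in backends:
        plan.append(call("PUT", "lbvserver_service_binding",
                         {"name": vserver, "servicename": name}))
    plan.append(call("POST", "sslcertkey",
                     {"certkey": certkey, "cert": cert_file, "key": key_file}))
    plan.append(call("PUT", "sslvserver_sslcertkey_binding",
                     {"vservername": vserver, "certkeyname": certkey}))
    return plan

def check_plan(plan):
    """Flag ordering and encryption problems before any call is sent."""
    problems, services, certkeys = [], set(), set()
    for _method, url, body in plan:
        (resource, props), = body.items()
        if not url.startswith("https://"):
            problems.append(f"{resource}: management call is not over HTTPS")
        if resource == "service":
            services.add(props["name"])
            if props["servicetype"] != "SSL":
                problems.append(f"{props['name']}: server leg is not re-encrypted")
        elif resource == "sslcertkey":
            certkeys.add(props["certkey"])
        elif resource == "lbvserver_service_binding":
            if props["servicename"] not in services:
                problems.append(f"{props['servicename']}: bound before creation")
        elif resource == "sslvserver_sslcertkey_binding":
            if props["certkeyname"] not in certkeys:
                problems.append(f"{props['certkeyname']}: bound before creation")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, made-up names).
    plan = build_plan("192.0.2.10", "vs_ssl", "203.0.113.5",
                      [("svc1", "198.51.100.11"), ("svc2", "198.51.100.12")],
                      "ck_web", "web.cert", "web.key")
    for method, url, body in plan:
        print(method, url, json.dumps(body))
    print(check_plan(plan) or "plan OK")
```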