If you want all communication between the Barracuda Load Balancer ADC and the real servers to be encrypted using SSL, you can configure this on a per-server basis. This is also known as back-end SSL.
To configure the Barracuda Load Balancer ADC to encrypt the data sent to a server:
- Copy the certificate from each server, and upload the certificate to the BASIC > Certificates page as a back-end certificate.
- On the BASIC > Services page, edit each real server for the secure service and specify that the server uses SSL by navigating to the SSL section and setting Server uses SSL to On.
  You can optionally configure the following SSL settings for each real server:
  - SSL Protocols - The SSL protocols used by the service to connect to the server. Servers must support OpenSSL version 1.0.1 or higher to work with TLS v1.1 or TLS v1.2.
  - Enable SNI - Some servers require a hostname extension in the SSL handshake for the connection to be accepted. Enable this option if your server requires a hostname extension. The hostname is picked from the host header in the incoming HTTP request.
  - Validate Certificate - Requires the server certificate to be validated using certificates from well-known Certificate Authorities. If set to No, any certificate from the server is accepted, including self-signed or test certificates.
  - SSL Error Logs - Set to On to help troubleshoot SSL handshake problems in detail. These logs are displayed with the system logs and can be viewed from the ADVANCED > System Logs page.
- In the Certificates section, select the certificate that you uploaded. If necessary, change the port used by the real server.
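
Before changing these settings, it helps to know what each real server actually accepts. The following is an added example, not Barracuda tooling: a Python pre-flight check that tries each protocol version with and without SNI, repeats the handshake with CA validation, and returns the server certificate in PEM form for upload as the back-end certificate. The function names (`make_context`, `probe`, `preflight`) are hypothetical, and validation here uses the local system CA store as a stand-in for the appliance's list of well-known Certificate Authorities.

```python
import socket
import ssl
import sys

# Versions the page names under "SSL Protocols".
VERSIONS = {"TLSv1.1": ssl.TLSVersion.TLSv1_1, "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def make_context(version, validate):
    """Client context pinned to a single protocol version.

    validate=True approximates "Validate Certificate" using the local system
    CA store (assumption: chain check only, no hostname match)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED if validate else ssl.CERT_NONE
    if validate:
        ctx.load_default_certs()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port, version, sni=None, validate=False, timeout=5.0):
    """One handshake attempt. Returns (ok, detail, pem); pem is the server
    certificate to upload as the back-end certificate, or None on failure."""
    try:
        ctx = make_context(version, validate)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                pem = ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
                return True, tls.version(), pem
    except (OSError, ValueError) as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"{type(exc).__name__}: {exc}", None

def preflight(host, port, hostname):
    """Try each version with and without SNI, then once with validation."""
    rows = []
    for name, version in VERSIONS.items():
        for sni in (None, hostname):
            ok, detail, _ = probe(host, port, version, sni)
            rows.append((name, "sni" if sni else "no-sni", ok, detail))
    ok, detail, _ = probe(host, port, ssl.TLSVersion.TLSv1_2, hostname, validate=True)
    rows.append(("TLSv1.2", "validated", ok, detail))
    return rows

if __name__ == "__main__":
    # Usage: python preflight.py <server-ip> <port> <hostname>
    for row in preflight(sys.argv[1], int(sys.argv[2]), sys.argv[3]):
        print(*row)
```

A server that succeeds only on the `sni` rows needs Enable SNI, and a failure on the `validated` row means Validate Certificate would reject it. A failed TLSv1.1 row can also mean the local OpenSSL build refuses that version, so read it together with the detail string.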