We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Load Balancer ADC

How to Secure Communication with Real Servers

  • Last updated on
If you want all communication between the Barracuda Load Balancer ADC and the real servers to be encrypted using SSL, you can configure this on a per-server basis. This is also known as back-end SSL.
To configure the Barracuda Load Balancer ADC to encrypt the data sent to a server:
  1. Copy the certificate from each server, and upload the certificate to the BASIC > Certificates page as a back-end certificate.
  2. On the BASIC > Services page, edit each real server for the secure service and specify that the server uses SSL by navigating to the SSL section and setting Server uses SSL to On.
    You can optionally configure the following SSL settings for each real server:
    • SSL Protocols - The SSL protocols used by the service to connect to the server. Servers must support OpenSSL version 1.0.1 or higher to work with TLS v1.1 or TLS v1.2.
    • Enable SNI - Some servers require a hostname extension in the SSL handshake for the connection to be accepted. Enable this option if your server requires a hostname extension. The hostname is picked from the host header in the incoming HTTP request.
    • Validate Certificate - Requires the server certificate to be validated using certificates from well-known Certificate Authorities. If set to No, any certificate from the server is accepted, including self-signed or test certificates.
    • SSL Error Logs - Set to On to help troubleshoot the SSL handshake problems in detail. These logs are displayed with the system logs and can be viewed from the ADVANCED > System Logs page.
  3. In the Certificates section, select the certificate that you uploaded. If necessary, change the port used by the real server.
Last updated on