Zoran Milenkovic1709152502 Posted September 22, 2015 Share Posted September 22, 2015 Hi Is there anybody out there to recommend some good implemetation guide for Cache Redirection? I would like to setup NetScaler as SSL forward proxy where NetScaler will do SSL interception. What kind of SSL certificate should one need to set this up? Clearly, no one would like a proxy that gives your users security warings and red address field. The idea behind interception is possibility to see what is happening inside the HTTPS traffic and filter out some HTTP methods like CONNECT or POST. Thank you in advance! Best Regards, Zoran Link to comment Share on other sites More sharing options...
Darius Cekanauskas Posted May 6, 2016 Share Posted May 6, 2016 Hi, Have you found a solution for that ? Link to comment Share on other sites More sharing options...
Paul Blitz Posted May 6, 2016 Share Posted May 6, 2016 All you need for any public-facing SSL service is a trusted SSL certificate. There are many places that can do this, Thawte, Verisign, GoDaddy are 3 that come to mind. Use Netscaler to create the SSL Key and Certificate Request. Ask for an "apache" style cert (also called "base 64", PEM etc) Link to comment Share on other sites More sharing options...
Zoran Milenkovic1709152502 Posted May 6, 2016 Author Share Posted May 6, 2016 No, @Darius Cekanauskas, I haven't checked is there any new features in NS 11. But when I was checking it on 10.5, forward SSL proxy with SSL interception, it was NOT possible. @Paul Blitz, are you sure that plain Web Server SSL certificate can be used for re-signing of certificates? Do you have any real life examples on it? BR Zoran Link to comment Share on other sites More sharing options...
Paul Blitz Posted October 19, 2016 Share Posted October 19, 2016 Sorry, I think we all misunderstood the question. "SSL Forward Proxy" seems to be an F5 thing (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.html) , and I think you are correct, Netscaler can't easily do this Link to comment Share on other sites More sharing options...
Kirt Carson Posted August 6, 2020 Share Posted August 6, 2020 Finally figured it out. You need to add: Basic Constraints SubjectType=CA Key Usage Certificate Signing, Off-line CRL Signing, CRL Signing (06) You must add this within the wizard for SSL Forward Proxy SSL Intercept and clicking Add to create a SSL interception CA key-pair. You'll get an error Not CA cert without Basic Constraint. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now