
Applying SSL Bridging makes mobile app work fine

Ahmad Hasan



Long story short, we have configured one virtual server (LV vserver) on SSL. This VIP is being accessed from outside through web browsers and a mobile application.

The thing is that connecting to this VIP on 443 via the browser works perfectly; however, when we open the mobile app we get a network error.

We tried to isolate the issue by configuring this service on SSL Bridge to pass through the Netscaler in terms of encryption/decryption and make the backend server responsible for SSL.

Is there any difference related to traffic flow between client and NS, then SNIP and backend, when SSL bridge is in place, or is it similar to normal SSL traffic and NS will terminate both connections?

Also, what could be the issue in such a case?


50 minutes ago, Mihai Cziraki1709160741 said:

In terms of TCP connection it will be the same. You will have client connections to the VIP and then connections from the NS to the servers.

Try doing an nstrace or tcpdump while testing with the mobile app.


Great, thanks for your response.

Actually, we have collected some captures as we are testing the mobile app. I am not familiar with multi-tier apps or with mobile apps; however, let's assume that the backend detects that the incoming connection came from a mobile device and after that it applies a particular policy to rewrite the URL. Will the SSL bridge allow the backend to do this and respond back to the client with the correct URL?

In case of SSL, will the NS prohibit the backend from responding to the client with the correct URL for mobile?

Does it matter when it comes to SSL / SSL bridge when URL redirection is applied at the backend?


14 minutes ago, Mihai Cziraki1709160741 said:

In case of the SSL bridge, Netscaler is not aware of what happens in the payload (URL rewrite or anything) as the traffic is encrypted.

NS will not prohibit something it cannot see.

Perfect, thank you. That is when SSL bridge is applied. Assume we configure SSL and the connection is end-to-end encrypted: do we need to do URL rewrite on NS in order for the mobile app to work, or will the rewrite come from the backend?


4 minutes ago, Mihai Cziraki1709160741 said:

You can NOT do URL rewrite when you use SSL Bridge. Any rewrite or any URL manipulation needs to be done on the servers.

I got your point, now I understand how SSL Bridge works.

My question was: if I enable SSL and install a certificate on NS, noting that a certificate is also installed on the server (end-to-end encryption), should I configure URL rewrite on NS, or is the rewrite on the server sufficient?

Last one: what do you think is causing the app to not work once we applied the certificate on NS and enabled SSL all the way down to the servers?


Rewrite on the server is sufficient. Or you can move it to the NS. Whatever you choose.

If you want the traffic to be encrypted between the NS and the server, the services need to be SSL.

You need to troubleshoot why it is not working. Do a dump on the NS and see if the servers reply to the client connection. Also, what is their reply?

If the app gives you a network error, it seems there is an issue with the VIP itself.

Try doing a tcpdump, nstrace.


There is no other way.
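
The captures recommended above can be triaged by listing the TLS records each side sent, which is also all the NetScaler itself can see of a bridged connection. The Python below is an added example, not part of the original thread or any Citrix tooling; it assumes one direction of a reassembled TCP stream exported from the nstrace/tcpdump capture, a TLS 1.2-style handshake with unfragmented handshake messages, and the sample bytes are constructed.

```python
import struct

# Record and message numbers from the TLS specifications (RFC 5246, RFC 8446).
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             14: "server_hello_done", 16: "client_key_exchange"}
ALERT = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
         46: "certificate_unknown", 48: "unknown_ca", 112: "unrecognized_name"}

def handshake_names(body):
    """List the handshake messages packed into one cleartext record."""
    names, pos = [], 0
    while pos + 4 <= len(body):
        names.append(HANDSHAKE.get(body[pos], f"type_{body[pos]}"))
        pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
    return "+".join(names)

def summarize_tls_records(stream):
    """Label each TLS record in one direction of a reassembled TCP stream."""
    out, pos, encrypted = [], 0, False
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if ctype not in CONTENT or len(body) < length:
            out.append("truncated_or_not_tls")
            break
        label = CONTENT[ctype]
        if ctype == 22:
            label += ":encrypted" if encrypted else ":" + handshake_names(body)
        elif ctype == 21 and not encrypted and length == 2:
            level = "fatal" if body[0] == 2 else "warning"
            label += f":{level}:" + ALERT.get(body[1], f"code_{body[1]}")
        elif ctype == 23:
            label += f":{length}_bytes_opaque"  # HTTP and URLs live here, unreadable
        encrypted = encrypted or ctype == 20  # after CCS this direction is ciphertext
        out.append(label)
        pos += 5 + length
    return out

# Constructed sample bytes (not from the poster's capture); bodies are dummy filler.
def rec(ctype, body): return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def hs(mtype, body): return bytes([mtype]) + len(body).to_bytes(3, "big") + body
CLIENT_SIDE = rec(22, hs(1, b"\x00" * 4)) + rec(21, b"\x02\x30")
SERVER_SIDE = (rec(22, hs(2, b"\x00" * 6) + hs(11, b"\x00" * 9) + hs(14, b""))
               + rec(20, b"\x01") + rec(22, b"\xaa" * 40) + rec(23, b"\xbb" * 100))

if __name__ == "__main__":
    for side in (CLIENT_SIDE, SERVER_SIDE):
        print(summarize_tls_records(side))
```

A cleartext fatal alert from the client right after the server's certificate points at the TLS handshake with the VIP rather than at any URL handling; a stream that reaches `application_data` means the handshake completed and the problem lies further up.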


