vserver protocol for AD LDAPS loadbalancing vserver without SSL offloading - ssl_bridge or TCP


Dear Community,

We are implementing load balancing for our AD LDAPS traffic in SSL passthrough mode (no SSL offloading on the LB).

ADC version NS12.1 57.18.nc

Can we use SSL_BRIDGE protocol with port 636?

Or should we use TCP with 636?

On 5/14/2022 at 6:52 PM, Rhonda Rowland1709152125 said:

LDAPS vservers and services for authentication should be done as ssl_tcp vservers and services on port 636.  Not SSL_BRIDGE.  You will need cert bindings on the vserver.

Dear Rowland,

We don't plan to do SSL offloading on ADC.

If SSL_BRIDGE is not allowed, then can we use TCP port 636 for the vserver?


Like Carl said, for the additional consideration.

I meant don't use SSL_BRIDGE assuming you wanted SSL termination; not that it couldn't be used at all... Sorry for the confusion and the assumption on my point.

But LDAP is essentially TCP-based, so SSL_TCP would be the protocol type usually used when doing SSL termination on the ADC.


On 5/16/2022 at 12:03 PM, Carl Stalhood1709151912 said:

If your client LDAP application does not need to verify the SSL cert, then yes. One problem with TCP or SSL_BRIDGE is that each back-end LDAP server has a different certificate.

Dear Carl,

If we decide to deploy the same certificate on both backend servers, will SSL_BRIDGE or TCP vserver with port 636 work?
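The certificate point raised in the exchange above, as an added example that is not part of the original thread: behind a TCP or SSL_BRIDGE vserver the ADC does not terminate TLS, so a verifying LDAPS client checks the back-end server's own certificate against the name it connected to. All host names and SAN lists below are constructed for illustration, and the wildcard rule is a simplification.

```python
"""Added example, constructed data: which back-end certificates a verifying
LDAPS client accepts when it connects through a TCP / SSL_BRIDGE vserver."""

def name_matches(pattern, hostname):
    """dNSName match: exact, or '*' standing for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplification: refuse wildcards sitting directly under one label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def passthrough_report(client_name, backend_sans):
    """Per back end: does its certificate cover the name the client dialled?
    In passthrough mode the vserver has no certificate of its own."""
    return {srv: any(name_matches(san, client_name) for san in sans)
            for srv, sans in backend_sans.items()}

def verdict(report):
    """'ok' if every back end passes, 'fails' if none does, otherwise
    'intermittent' (result depends on which server the LB selects)."""
    passed = sum(report.values())
    if passed == len(report):
        return "ok"
    return "fails" if passed == 0 else "intermittent"

VIP_NAME = "ldaps.corp.example"   # constructed name clients use for the VIP

# Constructed SAN lists: each DC with its own certificate ...
PER_DC = {"dc1": ["dc1.corp.example"], "dc2": ["dc2.corp.example"]}
# ... one certificate covering the VIP name, deployed on both DCs ...
SHARED_SANS = ["ldaps.corp.example", "dc1.corp.example", "dc2.corp.example"]
SHARED = {"dc1": SHARED_SANS, "dc2": SHARED_SANS}
# ... and a half-finished rollout where only dc1 has the new certificate.
MIXED = {"dc1": SHARED_SANS, "dc2": ["dc2.corp.example"]}

if __name__ == "__main__":
    for label, certs in (("per-DC", PER_DC), ("shared", SHARED), ("mixed", MIXED)):
        report = passthrough_report(VIP_NAME, certs)
        print(f"{label:7} {verdict(report):12} {report}")
```
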


21 hours ago, Rhonda Rowland1709152125 said:

Like Carl said, for the additional consideration.

I meant don't use SSL_BRIDGE assuming you wanted SSL termination; not that it couldn't be used at all... Sorry for the confusion and the assumption on my point.

But LDAP is essentially TCP-based, so SSL_TCP would be the protocol type usually used when doing SSL termination on the ADC.

Thanks Rhonda for the clarification
