Knowledgebase / TMX/APV / SSL- Secure Sockets Layer / What are the options needed to be configured to SSL offload OWA server?


Add comment
Name:
Email:
Comment: *
(Use BBcode - No HTML)


What are the options needed to be configured to SSL offload OWA server?

When you use an SSL hardware accelerator placed before the Outlook Web Access server and the SSL session is terminated by the accelerator, the traffic flows from the client to the SSL hardware accelerator in HTTPS, then to the Outlook Web Access front-end server in HTTP, and then to the back-end server.

In this scenario, the Outlook Web Access front-end server recognizes traffic to the client as HTTP and does not recognize that the SSL session is being terminated before the traffic reaches the Outlook Web Access server. Therefore, when the back-end server renders the HTML pages, it uses http:// instead of https:// for all the links. When a user clicks any link in the rendered page, they receive a message that the request is denied because the server denies any non-HTTPS traffic. Even though the traffic is re-encrypted by the SSL accelerator when the traffic returns to the user, the links are broken.

From the Array TMX/APV, the following options need to be configured.

http owa {on|off}
Enables or disables the subsystem, which inserts OWA (Outlook Web Access) specific header, FRONT-END-HTTPS: on, in the requests forwarded to backend servers. When this subsystem is turned on, the header insertion will be done only for the virtual services configured using http owa virtual command. When this subsystem is turned off, the header insertion will not be done even if there are virtual services configured using the http owa virtual command. The default setting is off.
 
 
http owa virtual <virtual-service>
Enables the insertion of FRONT-END-HTTPS: on header in the requests forwarded to the backend servers for the specified virtual-service.
 



Array Networks, Inc.