Search:     Advanced search
Browse by category:
 Glossary | Ask question
Knowledgebase / TMX/APV / SSL- Secure Sockets Layer / What are the options needed to be configured to SSL offload OWA server?


What are the options needed to be configured to SSL offload OWA server?
Print
Email to friend
Add comment
Views: 422
Votes: 0
Comments: 0

When you use an SSL hardware accelerator placed before the Outlook Web Access server and the SSL session is terminated by the accelerator, the traffic flows from the client to the SSL hardware accelerator in HTTPS, then to the Outlook Web Access front-end server in HTTP, and then to the back-end server.

In this scenario, the Outlook Web Access front-end server recognizes traffic to the client as HTTP and does not recognize that the SSL session is being terminated before the traffic reaches the Outlook Web Access server. Therefore, when the back-end server renders the HTML pages, it uses http:// instead of https:// for all the links. When a user clicks any link in the rendered page, they receive a message that the request is denied because the server denies any non-HTTPS traffic. Even though the traffic is re-encrypted by the SSL accelerator when the traffic returns to the user, the links are broken.

From the Array TMX /APV, the following options need to be configured.

http owa {on|off}
Enables or disables the subsystem, which inserts OWA (Outlook Web Access) specific header, FRONT-END-HTTPS: on, in the requests forwarded to backend servers. When this subsystem is turned on, the header insertion will be done only for the virtual services configured using http owa virtual command. When this subsystem is turned off, the header insertion will not be done even if there are virtual services configured using the http owa virtual command. The default setting is off.
 
 
http owa virtual <virtual-service>
Enables the insertion of FRONT-END-HTTPS: on header in the requests forwarded to the backend servers for the specified virtual-service.
 

Other questions in this category
Do we support the Extended Validation SSL certificate or cipher suites?
When Web or FTP (that is set by "ssl setting crl" for CRLDP) is down, will client authentication of Array TMX still work by CRLDP that the Array TMX has downloaded?
How often does Array update the crl?
What does the "Resumed SSL Session" mean?
How many SSL certs/keys and SSL Virtual Hosts can be supported on TMX 2000?
Can a single SSL setting be applied to multiple virtual services?
What value in ArrayOS is equivalent to "SSLSessionCacheTimeout" from Apache mod_ssl?
What "Compression Method" does ArrayOS SSL handshake accept?
What vendor should be used to acquire a certificate from Verisign or any CA?
What version of SSL does ArrayOS support?
What is the expected log message when the value of SSL connection per second reaches the upper limit?
What does the "SSL: received a record with incorrect length" error mean?
How should ArrayOS be configured to work with MTA mail client on MAC OS with IMAPS?
What are the error codes for client authentication on SpeedCore platform?


Array Networks, Inc.