Specifications
Enabling HTTPS with a Server Certificate
Equalizer Installation and Administration Guide 173
• server certificate
• private key
• chained root (intermediate) certificates (if any)
Enabling HTTPS with a Server Certificate
The following are the steps to follow to obtain and install a server certificate, and verify that it
works.
1. Generate a Server Certificate Signing Request or a Self-Signed Server Certificate.
To get a server certificate, do one of the following:
a. Create a Certificate Signing Request (CSR) and send it to a Certificate Authority for
signing. This provides the highest level of trust to the client, as the client can be assured
that the certificate it receives from the server (in this case, Equalizer) was approved (i.e.,
digitally signed) by a trusted third party. Thus, the client has the assurance of a third party
that the server to which it is connecting is identifying itself legitimately (and is not
impersonating the legitimate server’s identity). See the section “Generating a CSR and
Getting It Signed by a CA” on page 175.
b. Create a certificate and sign it yourself. This provides a lower level of trust, since the
client is essentially trusting the server to identify itself. Self-signed certificates are
relatively easy to counterfeit, and are only recommended for use on internal, non-
production, or test configurations. See the section “Generating a Self-Signed Certificate”
on page 176.
2. Create the HTTPS cluster.
When creating an HTTPS cluster, the default flags and parameters are acceptable for most
server certificate configurations. However, if the server certificate you have does not sctrictly
conform to the standard x509 format, disable the x509 verify flag (enable the advanced flag to
see it in the flag section of the add cluster or modify cluster screens). Many self-signed and
some chained certificates may not be in strict x509 format.
For more information on creating HTTPS clusters, see Chapter 6, “Administering Virtual
Clusters”, in the Equalizer Installation and Administration Guide.
3. Install the Server Certificate on Equalizer.
Use the Equalizer Administration Interface to install the server certificate. See the section
“Installing a Server or Client Certificate for an HTTPS Cluster” on page 178.
4. Try connecting to the Cluster via HTTPS.
From a client browser, open https://cluster, where cluster is the network node name or IP
address of the HTTPS cluster. The browser may notify you that it is accepting a certificate from
the server and ask for confirmation. Once you accept the certificate, the requested page should
be displayed.
Enabling HTTPS with Server and Client Certificates
The following are the steps to follow to obtain and install both server and client certificates, and
verify that they work.