Technicality here, can we call the functionality SSL termination? While technically we are "offloading" SSL from the VM, offloading typically carries a connotation that it's being done in hardware. So we are really talking about SSL termination.
Couple comments. I wouldn't want to assume anything about SSL based on port numbers. So instead specify the protocol (http/https/ssl/tcp) for the front and back side of the load balancer.

Additionally, I'd prefer the chain not be in the cert. When configuring some backends you need the cert and chain separate. It would be easier if they were stored that way. Otherwise you have to do logic of parsing all the certs in the "keystore" and look for the one that matches the key.

Otherwise, awesome feature. I'll tell you, from an impl perspective, parsing and validating the SSL certs is a pain. I can probably find some Java code to help out here on this as I've done this before in the past.

Darren

On Tue, Oct 8, 2013 at 11:14 AM, Syed Ahmed <sah...@cloudops.com> wrote:
> Hi,
>
> I have been working on adding SSL offload functionality to cloudstack and
> make it work for Netscaler. I have an initial design documented at
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/SSL+Offloading+Support
> and I would really love your feedback. The bug for this is
> https://issues.apache.org/jira/browse/CLOUDSTACK-4821 .
>
> Thanks,
> -Syed
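
The matching step described in the reply above (finding which certificate in a combined bundle belongs to the private key, so the cert and chain can be stored separately), as an added example that is not part of the thread or of CloudStack's code. The function names, the `Example Test CA` and `lb.example.test` subjects, and the throwaway keys are constructed for the demonstration; it assumes the `openssl` CLI is installed.

```shell
# Fingerprint (SHA-256 over the DER SubjectPublicKeyInfo) of a cert's or key's public key.
pubkey_fp_cert() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}
pubkey_fp_key() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# split_bundle BUNDLE KEY OUTDIR
# Writes OUTDIR/cert.pem (the certificate matching KEY) and OUTDIR/chain.pem (all others).
# Returns 0 if a matching certificate was found, 1 otherwise.
split_bundle() {
  local bundle=$1 key=$2 out=$3 want f found=1
  mkdir -p "$out/parts" && : > "$out/chain.pem"
  # One file per PEM certificate, in bundle order.
  awk -v d="$out/parts" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
    n { print > f }' "$bundle"
  want=$(pubkey_fp_key "$key")
  for f in "$out"/parts/*.pem; do
    [ -f "$f" ] || continue
    if [ "$(pubkey_fp_cert "$f")" = "$want" ]; then
      cp "$f" "$out/cert.pem"; found=0
    else
      cat "$f" >> "$out/chain.pem"
    fi
  done
  return $found
}

# Constructed sample input: a throwaway CA and leaf, bundled CA-first so that
# position in the file cannot be used to pick the server certificate.
demo() {
  local t; t=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$t/ca.key" -out "$t/ca.pem" \
    -subj "/CN=Example Test CA" -days 1 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$t/leaf.key" -out "$t/leaf.csr" \
    -subj "/CN=lb.example.test" 2>/dev/null
  openssl x509 -req -in "$t/leaf.csr" -CA "$t/ca.pem" -CAkey "$t/ca.key" \
    -CAcreateserial -out "$t/leaf.pem" -days 1 2>/dev/null
  cat "$t/ca.pem" "$t/leaf.pem" > "$t/bundle.pem"
  split_bundle "$t/bundle.pem" "$t/leaf.key" "$t/out" && echo "$t/out"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Comparing public keys only tells you which certificate pairs with the key; it does not verify that the remaining certificates actually chain to it, which would be a separate `openssl verify` step.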