I am attempting to integrate a hardware load balancer for https:// communications with PPM. I have a certificate loaded on the device (a Citrix NetScaler) and a certificate loaded in the PPM directory on the Linux server. I am unable to get any secure communications even if I change the port settings in the server.conf to use 8443. Has anyone ever attempted this type of integration before?
We use an F5 switch as a front end. It accepts https connections and forwards decrypted packets to PPM on the port configured in server.conf. We did not add any certificates on the PPM server and PPM knows nothing about the encryption processes used between the users and the switch. My understanding is that PPM does not support https. Details are described in the Installation and Administration Guide.
Thanks Jim. I did get our load balancer to work finally, without using any certificates. Unfortunately, the installation manuals are very vague when it comes to h/w load balancer usage with PPM vice an external web server. Now, my only issues are that when I attempt to access the work bench, I cannot get to it, nor can I get a web page when I log off PPM.
In order to access the workbench, you need to make one more change: in server.conf change the BASE_URL to specify the https URL supported by the switch. Be sure to run kUpdateHtml.sh after making this change.
Jim...Thanks loads!!! changing the BASE_URL to the correct secure port was the issue. After I made the change, I was able to successfully log in to PPM under a secure site, open Work bench without and issue and close it. I am now at the point where everything is fine except for logging off PPM. When I log out, the app takes me to a page that says:
What URL is it trying to display? You may have an old login page URL cached somewhere. Try stopping PPM and clearing the tmp and work directories in each instance ($PPM_HOME/server/<instance>/tmp and $PPM_HOME/server/<instance>/work), then restart the instances.
In our configuration, the load balancer handles only the encryption/decryption functions and routes the unencrypted traffic to/from PPM. PPM is handling the login functions. I am not sure what you mean when you say the load balancer is handling the secure login. If the load balancer sees the session terminated, though, maybe it is refusing to send traffic to the Logout.jsp script after the session is ended. Just a guess on my part, though.
Sorry, I guess I should have said it that way. Out load balancer does exactly the same as yours. handles all the encryption to/from the clients. On the backend, it send the data to/from PPM unencrypted. PPM does handle the login and logout.