Configuring and tuning SSL offload with Citrix Netscaler VPX
This step-by-step guides you through configuring and tuning SSL offload in Citrix Netscaler VPX, which is done by using the certificate and cryptographic material that is generated by using the Hardware Security Monitor (HSM) link.
This step-by-step assumes that you have completed the steps in Deploying and Configuring the IBM© Hardware Security Module (HSM) with Citrix Netscaler VPX to order and create your VPX/HSM pairing.
About the deployment
This deployment was built and tested with the following component specifications:
| NetScaler VPX Version & Build | HSM Software Version | HSM Firmware version | HSM Client Version |
|---|---|---|---|
| NS12.1: Build 48.13.nc | 6.2.2-5 | 6.10.9 | 6.2.2 |
Logical topology
The following diagram shows the network traffic flow for the SSL offload use case. This provides a visual and logical perspective of the trust link and the configuration between the Citrix VPX and the HSM appliance.
What you accomplish
In this step-by-step guide you learn how to configure SSL for a Citrix Netscaler VPX:
| Task | Description |
|---|---|
| Install the certificate | Install the SSL Certificate that you created in the previous step-by-step, Deploying, and configuring the IBM Hardware Security Module (HSM) with Citrix Netscaler VPX. |
| Check and configure the DNS record | Ensure that a DNS record exists for the FQDN that points to the public address to be configured in the Citrix Netscaler VPX as a Virtual Server. |
| Add and configure the SSL Virtual Server | Add and configure an SSL Virtual Server. |
| Create and apply a new cipher suite | Create a cipher suite that prioritizes and preferences AEAD, ECDHE, and ECDSA. |
Extra resources
The following extra resources can help you get the most out of your Citrix Netscaler VPX when using the IBM Hardware Security Module.