000033039 - SSL offloading at load balancer in RSA Archer

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 24, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033039
Applies ToRSA Product Set: RSA Archer
RSA Product/Service Type: RSA Archer
RSA Version/Condition: Any
IssueDoes Archer support the concept of SSL offloading, or SSL termination, at the load balancer?

In an SSL offloading (termination) scenario, IIS (Internet Information Services)only listens over port 80, while the end users communicate with Archer over port 443. Traffic from end users hits the load balancer, and the load balancer communicates with Archer over port 80. In this configuration, only one SSL certificate needs to be installed on the LB, and we don't need to have certs set up in every instance of IIS. 
ResolutionYes, Archer supports SSL offloading, or SSL termination, at the load balancer.
  • Configure IIS and the web.config file for http / port 80
  • In the Archer Control Panel, list the base URL as HTTPS.  (Archer uses the base URL to construct links, and you want these to point to the load balancer's URL.)