Open Telekom Cloud for Business Customers

SSL offloading on Open Telekom Cloud

Overview

For e-commerce and some enterprise applications, securing the communication channel becomes an essential. To address this need, HTTPS/SSL has been widely used in the internet. HTTPS protocol secures the communication between the Client and the Server side. In case of distributed Systems SSL can be offloaded at various levels. Some of the commonly used offloading layers are Load Balancers and Web servers. In this article we will walk you through how to configure Open Telekom Cloud ELB to offload SSL. 

VPreperation

1. One test ECS for ELB backend  

Preparation: One test ECS for ELB backend

After creation, install Nginx for later demo.

2. One internet facing ELB  

Preparation: One internet facing ELB

Here public IP of ELB is 160.44.196.233  

Deployment

Step 1. Create SSL key, certification

You can use different methods to generate certificates.  Here we will use X.509 and sha512 to go ahead. 

Deployment: Create SSL key, certification

Deployment: Create SSL key, certification

Step 2. Create a new certificate in Open Telekom Cloud EL

Creating a new certificate in Open Telekom Cloud EL

Here copy content of server.crt and server.key 

Create Certificate

Step 3. Add a new HTTPS listener for ELB

In this step, we choose HTTPS/443 for LB Protocol/Port, and select the certificate ‘ssltest’ 

Add Listener

Add Listener

Step 4. Add ELB backend ECS

Add ELB backend ECS

Let’s make ECS ‘ssltest’ as backend one and wait for few seconds the health-check status turns to be normal, make a try to visit public IP of ELB: 160.44.196.233 with https.

Your connection is not private

Now SSL offloading works while the certification authority is invaild. Let’s fix it :)

Welcome to nginx!

Step 5. Import root certification to browser

Let’s copy ca.crt to notepad and save as local desk, then import into browser.

Here we will use chrome, Chrome Settings > Show advanced settings > HTTPS/SSL > Manage Certificates. 

Import root certification to browser

Re-open chrome and let’s try it again. Now the website becomes secure now.

open-telekom-cloud-ssl-offloading-screen13

Mission complete :)


Book now and claim starting credit of EUR 250* (code: 4UOTC250)
24/7 Service
Take advantage of our consulting services!

Our experts will be happy to help you.

We will answer any questions you have regarding testing, booking and usage – free and tailored to your needs. Try it out today!

Hotline: 24 hours a day, seven days a week 

0800 33 04477 from Germany
00800 44 556 600 from abroad

* Voucher can be redeemed until June 30, 2020. Please contact us when using the voucher for booking. The discount is only valid for customers with a billing address in Germany and expires two months after conclusion of the contract. The credit is deducted according to the valid list prices as per the service description. Payment of the credit in cash is excluded.


  • Test it today – with no obligation and free of charge

    Book now and claim starting credit of EUR 250*
    Code: 4UOTC250

    Book now

  • Telefon

    Free expert hotline

    Our certified cloud experts provide you with personal service free of charge.

    0800 33 04477 (from Germany)

    24 hours a day, seven days a week

  • E-Mail

    Our customer service is available free of charge via E-Mail

    Write an E-Mail

  • Arrange an appointment

    Our Open Telekom Cloud experts provide you with free, non-binding and idividual support

    Arrange an appointment