Talk to us Get started

Collection of 16 posts

SSL/TLS

Master and manage SSL/TLS on your load balancer. Find expert guides on termination, certificate management (renewal, monitoring, Let's Encrypt), mTLS setup, and security best practices to ensure encrypted, high-performance application delivery.

How to automate SSL/TLS certificate renewal with Let's Encrypt

How to automate SSL/TLS certificate renewal with Let's Encrypt

How many engineers does it take to renew an SSL/TLS certificate? Several, you might joke. But you may not be far wrong!

How to automate SSL/TLS certificate renewal with Let's Encrypt

How to automate SSL/TLS certificate renewal with Let's Encrypt

How many engineers does it take to renew an SSL/TLS certificate? Several, you might joke. But you may not be far wrong!..

Damian Pacuszka

How to master SSL termination in HAProxy: considerations and configurations

How to master SSL termination in HAProxy: considerations and configurations

SSL/TLS termination is the most regularly implemented kind of SSL/TLS offload...

Bolster your network with mTLS functionality from Loadbalancer.org

Bolster your network with mTLS functionality from Loadbalancer.org

For Enterprise 8.9, Loadbalancer.org added a new SSL Terminator for HAProxy, allowing for mutual Transport Layer Security (mTLS) configurations...

Employee configuring mTLS on a Loadbalancer.org appliance

How to configure mTLS on a Loadbalancer.org appliance

If you're thinking about giving mTLS a go, why not try it for yourself by following the steps below...

man typing on laptop working

The pros and cons of offloading TLS/SSL encryption and decryption to your ADC

TLS encryption (formerly known as SSL encryption) is used to improve the safety of data exchanged over a network. But where should it sit in your network architecture?..

How to create an SSL certificate

How to create an SSL certificate in Linux

I thought I would try and cover the basics here by explaining how to create an SSL certificate and the various files that you'll end up with...

When is it right to SSL offload?

When is it right to SSL offload?

It's a fair question, right? Let's take away the strain of SSL terminations from our application servers and let the load balancers deal with it. After all, why would we want to bog down our nifty application with network-level considerations?..

How to create a load balancer SSL/TLS certificates report

How to create a load balancer SSL/TLS certificates report

A customer asked me how to export a list of SSL/TLS certificate expiry dates from our load balancer appliance...

protecting your application with client certificate authentication

Client Certificate Authentication with HAProxy: How to configure

Using client certificates for security is a pretty cool idea! You can protect an entire application or even just a specific Uniform Resource Identifier (URI) to only those that provide a valid client certificate...

How do I get an A+ from Qualys SSL, but keep FIPS compliance as well?

How do I get an A+ from Qualys SSL, but keep FIPS compliance as well?

Is getting an A+ rating with the Qualys scanner starting to feel a bit like chasing a mythical unicorn? Every time you get close to catching and keeping the beast — it run's away and they change the rules again!..

Stunnel X-Forward-For (XFF) with HAProxy and the PROXY Protocol

Stunnel X-Forward-For (XFF) with HAProxy and the PROXY Protocol

By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client...

Heartbleed 2.0? Not exactly but more OpenSSL issues have been found

Heartbleed 2.0? Not exactly but more OpenSSL issues have been found

Whilst the Heartbleed bug was relatively easy to exploit, the latest batch of bugs are not...

Loadbalancer.org releases patch for the OpenSSL heartbleed vulnerability CVE-2014-0160

Loadbalancer.org releases patch for the OpenSSL heartbleed vulnerability CVE-2014-0160

To ensure complete protection all SSL certificates that have been used with a vulnerable version of OpenSSL should be regenerated using a new private key...

systematic SSL testing

SSL offload testing with HAProxy and Stunnel

There are a lot of SSL offload throughput statistics available for appliances across the internet but rarely do they detail the way they were tested...

Secure Your Web Servers: SSL Termination and BEAST

Secure Your Web Servers: SSL Termination and BEAST

The BEAST attack is a practical attack based on a protocol vulnerability and mainly affects the client side...

Transparent proxy of SSL traffic using Pound to HAProxy backend patch and how-to

Transparent proxy of SSL traffic using Pound to HAProxy backend patch and how-to

I've previously blogged about how to get TPROXY and HAProxy working nicely together, but what if you want to terminate SSL traffic on the load balancer to use HAProxy to insert cookies in the standard HTTP stream to the backend servers?..

Malcolm Turnbull

Get Started Today, for Free

Try us out—no strings, no stress, just seriously good load balancing and top-notch support. Let's make your apps unstoppable!

Try for free Book a meeting