Configuring HTTPS/TLS : Basic steps for configuring HTTPS/TLS proxy support
  
Basic steps for configuring HTTPS/TLS proxy support
This section describes the basic steps for configuring HTTPS/TLS proxy support in the controller and the SteelHead.
Complete these tasks at the Client Accelerator Controller:
1. Enable the TLS proxy support feature. Choose Manage > Services: Policies. Click the policy name and select the SSL tab. Then select the Enable SSL Optimization check box and the Enable SSL Proxy Support check box. For details, see About policy settings for HTTPS/TLS.
2. Add the in-path rules for the TLS proxy. Choose Manage > Services: Policies and select the In-Path Rules tab. Add an in-path rule that applies TLS preacceleration to all connections going through the TLS proxy. For details, see About policy settings for in-path rules.
When non-TLS connections go through the SSL proxy, the in-path rule is applied and the connections are included in the TLS connection totals. However, since the connection is a non-TLS connection, it is considered an unsuccessful TLS connection and is reflected as such on the Status display for the SteelHead as shown in this example: SSL Connections (Successful/Total): 25675/50624. The unsuccessful connections (that is, the non-TLS connections) will also be reflected in the SSL endpoint reports on the controller (Reports > Endpoints: SSL).
3. Export the Client Accelerator certificate to the SteelHead. (Complete this step at the SteelHead.) At the SteelHead, choose Optimization: SSL: Secure Peering. For details, see the SteelHead User Guide.
4. Import the SteelHead certificate to the controller. Choose Administration > SSL: Peering > Add a New Trusted Entity. For details, see Configuring controller-to-SteelHead peering.
Complete these tasks at the SteelHead:
1. Enable the TLS proxy support feature. Choose Optimization > SSL: Advanced Settings. Be sure to select the Enable SSL Proxy Support check box. For details, see the SteelHead User Guide.
2. Create the server certificate on the SteelHead. Choose Optimization > SSL: SSL Main Settings > SSL Server Certificates. For details, see the SteelHead User Guide.
3. Import the Client Accelerator certificate to the SteelHead. This step consists of two parts: one completed at the controller and one completed at the SteelHead. On the controller, choose Administration > SSL: Signing CA. For details, see, To configure TLS peering. On the SteelHead, choose Optimization > SSL: Secure Peering (SSL) > Mobile Trust. For details, see the SteelHead User Guide.