Configure SSL offload on Citrix Netscaler load balancer?

[Raymond Li]

Hi,

I am working on a project and would like to configure the SSL offload on the Citrix Netscaler Load Balancer and rabbitmq service running on the backend non-ssl on the default port 5672. Is it a supported configuration? When I configured on the Netscaler, is it a SSL_TCP or just SSL? 

On my client when try to connect the rabbitmq server, do I pass in the port 5671 as the port or the default 5672 if the Netscaler SSL Offload is supported?

[Luke Bakken]

Hi Raymond,

Based on the document I found here, it sounds like SSL_TCP is the option you would use. AMQP over TLS doesn't use STARTTLS or other custom steps so I think you should be set. Configure your applications to use TLS and the IP of the Netscaler, and whatever port it is listening on (5671 is the well-known AMQPS port, so that's a good choice). Then configure it to forward non-encrypted data to your RabbitMQ node using port 5672.

Let us know how that configuration works out.

Thanks,

Luke