How To Guides > Accelerate SSL Traffic > Configure SSL acceleration servers

Configure SSL Acceleration Servers

SSL Acceleration provides acceleration of SSL encrypted TCP sessions by intercepting SSL connections to configured servers and decrypting them, performing acceleration techniques, then re-encrypting them again. Only traffic to servers that are explicitly configured is SSL accelerated. Any SSL traffic that the Exinda appliance sees that does not belong to a configured server is ignored.

By configuring the SSL Acceleration Server, you are specifying:

the location of the server (IPv4 address and port)
the SNI (Server Name Indication) which is the hostname of a virtual host when multiple secure websites are hosted on a single host where you want each website to use its own certificate
which certificate is used to re-encrypt the traffic
which certificate is used to authenticate the traffic and what type of validation to perform using that certificate
if any CA validation is chosen, then you can choose whether to check if that CA certificate is still valid or whether it has been revoked.

Note that if the revocation check cannot be done or the certificate has been revoked, then the SSL Acceleration Server will be disabled. If the OCSP Responder is offline, the server will be disabled. Note the appliance periodically tests the connection and re-enables the server when it's back up. If the OCSP response verification fails or if the certificate has been revoked, then the connection will be reset and the server will be disabled.

	Note: If there are any problems with the certificate or key associated with a configured SSL server (E.g. missing key, expired certificate), then SSL Acceleration will ignore that traffic until the issue is resolved. The traffic may still be accelerated, just not SSL accelerated.

	Caution: Before a server with an SNI extension can be added to the Exinda appliance, the server must be added to the appliance without the SNI extension. The server without the SNI extension is used as a fallback in case the client is unable to process the SSL certificate with SNI. A server with the same IP address and port number can be added to the appliance by specifying a unique SNI extension for each server. Caution: A server cannot be deleted if another server with the same IP address and port number and an Server Name Indication (SNI) extension has been configured on the Exinda appliance. Servers with SNI extensions must be deleted before the server can be deleted.

Caution: Before a server with an SNI extension can be added to the Exinda appliance, the server must be added to the appliance without the SNI extension. The server without the SNI extension is used as a fallback in case the client is unable to process the SSL certificate with SNI. A server with the same IP address and port number can be added to the appliance by specifying a unique SNI extension for each server.

Caution: A server cannot be deleted if another server with the same IP address and port number and an Server Name Indication (SNI) extension has been configured on the Exinda appliance. Servers with SNI extensions must be deleted before the server can be deleted.

To configure an SSL Acceleration server