You need to configure SSL for secure communication between the Storage Connector and the Syncplicity client.
- You must deploy a load balancer in front of your Storage Connectors and configure it to perform SSL offloading.
- Ensure that the SSL-offloading Load Balancer uses a Certificate Authority (CA)-issued certificate that has been correctly chained.
A certificate chain consists of all the certificates needed to certify the subject identified by the end certificate. In practice this includes the end certificate, the certificates of intermediate CAs, and the certificate of a root CA trusted by all parties in the chain. Every intermediate CA in the chain holds a certificate issued by the CA one level above it in the trust hierarchy. The root CA issues a certificate for itself.
If you want to create a proper chain, you must use a text editor of your choice, such as Notepad or vi, to copy and paste each of the two or three (if there is an intermediate root) certificates into one text file in the following order:
- Server (Storage Connector) Public KeyCertificate; e. g., Storage_Connector _node.pem
- Intermediate Root Certificate (if there is one); e. g., Intermediate_Root.pem
- Certificate Authority (VeriSign, Thawte, Entrust, etc.) Root Certificate; e. g, CA_Root.pem
Note: The use of self-signed certificates is not supported.
Note: You may contact the Certificate Authority (CA) that signed the Storage Connector Node Public Key Certificate to provide the additional Intermediate Root Certificate as well as the Certificate Authority Root Certificate.
- Your externally-addressable SSL-offloading Load Balancer load balances Syncplicity client traffic across all Storage Connectors. The specific instructions may vary based on the type of load balancer that you have deployed.
- Configure your Load Balancer to offload SSL traffic on a port, e.g., 443; then load balance this traffic across the IP addresses of all Storage Connectors on port 9000.