Question

Bank Of America Continuum India
IN
Last activity: 3 Jul 2019 15:07 EDT
SSL/TLS Certificate not available and failing on Pega IAC Gateway (Web Mashup) when SSL offloading is done at LTM
There is a requirement to set up a maintenance splash page when the Pega application is being taken down for maintenance. In order to fulfill this, we have an iRule set up at the LTM (Local Traffic Manager) layer which helps in redirecting the incoming traffic to a maintenance page when the application needs to be taken down for maintenance. So the network architecture looks like this:
End-User's browser -> Customer's portal with Pega Gadget -> prgateway -> LTM (SSL Bridging, iRule for Maintenance) -> Pega PRPC.
Everything is working as expected, but the Pega web mashup utility is failing to load when another application is trying to connect to the Pega application where we have the iRule set up in place. It is failing even when the maintenance page is not enabled.
Trusting the certificate through the Pega web mashup Gateway console reveals that the SSL certificate for the Pega Host URL is failing and is throwing the error "Could not retrieve following CA certificate(s) from the server". This works fine if we remove the iRule from the LTM layer.
We need the iRule at the LTM to keep the maintenance splash page functionality intact. The iRule works on the logic of redirecting the traffic to a maintenance page if enabled. We are also doing SSL bridging at the LTM layer for the incoming traffic of the application as part of the iRule.
So the question is how we can make the SSL certificate available for the Pega Host URL so that the connectivity can be performed without removing the iRule functionality at the LTM layer.
***Edited by Moderator Marissa to update platform capability tags***