How to load balance directory server 6.0 using Citrix Netscaler
Hi,
I am trying to load balance three directory servers (version 6.0) using Citrix Netscaler. Since the SSL traffic is terminated at the Netscaler and the Netscaler will establish non-secure traffic to the server, I configured the secure vserver with the SSL_TCP protocol on port 636 to load balance the three directory servers at non-secure port 389. I created the self-signed SSL certificate and installed it on the Netscaler. On a Linux LDAP client, I installed the self-created CA root certificate and configured the TLSCACertificateFile and TLSCACertificateDir paths, etc., in the ldap.conf file. But the Linux LDAP client can't communicate with the vserver using that root CA certificate. The testing shows the following error:
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv3 write client hello A
TLS trace: SSL3 alert read:unknown:unknown
TLS trace: SSL3 alert write:fatal:illegal parameter
TLS trace: SSL_connect:error in SSLv3 read server hello A
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
additional info: error:140940F6:SSL routines:SSL3_READ_BYTES:unknown alert type
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 14 bytes to sd 3
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 0 0
ldap_free_connection: refcnt 1
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
additional info: error:140940F6:SSL routines:SSL3_READ_BYTES:unknown alert type
Any help will be appreciated!
--xinhuan