Forum Discussion
About F5 VE External Cryptographic issue.
Hi Everyone
I refer to this guide https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-12-0-0/18.html in my lab.
Client -----> BIGIP-1 VE v12.1 (Crypto client) -----> BIGIP-2 VE v12.1( Crypto Server )
I used tmsh commany show crypto server have normal output at below.
Sys::Crypto Server: my_Crypto_Server
Received Packets 156 Received Bytes 6.1K Transmitted Packets 156 Transmitted Bytes 3.8K
But client web browser display common name is localhost.localdomain by Crypto client's default clientssl cert,It not by Crypto server's crypto-server-default-clientssl cert.
My understanding was that use External Crypto function and its purpose is to use the Crypto server security save and management certificate. The Crypto server is responsible for the final SSL offload function.So I think client browser dispaly certificate should be Crypto server's instead of Crypto client 's localhost.localdomain.
Do I understand correctly and How to correctly configured?
Many Thanks
D.Luo
- Leonardo_SouzaCirrocumulus
Yes, this functionality is for offload the SSL work to another BIGIP device. The main target for that is having a VE for example offloading SSL work to another BIGIP that has a SSL card. I guess your scenario is just for test, because having VE as client and server does not make sense.
Can you provide the relevant part of your configuration?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com