Forum Discussion
Authentication & Encryption between BIG-IP VS and application server
Hi -
I would be grateful for clarity with regard to the following.
I have a requirement to not only enable Authentication and Encryption between the User/Client and BIG-IP, but additionally, between the BIG-IP VS and the backend application servers.
With regard to Authentication / Encryption between BIG-IP and the application servers, my initial thoughts were that this simply entailed additionally defining a Server SSL Profile and populating the following options within the section "Server Authentication":-
- Server Certificate: require
- Authenticate Name: specify
- Trusted Certificate Authorities: specify
However, having read many articles, it is not clear to me as to whether this ONLY facilitates Authentication of the server or additionally encryption between BIG-IP and the application server?
For example, to enable encryption between the BIG-IP VS and the application server, do I additionally need to specify the section "SSL Forward Proxy" within the CLIENT SSL Profile?
Much appreciated
Alex
- Jad_Tabbara__J1
Cirrostratus
Hello Alex,
You only need to add an SSL Client Profile and an SSL Server Profile. With the Client Profile, the VS will be ready to handle an encrypted tunnel between the Client and the VS. In the same manner, by adding a Server Profile, the F5 will start a secure handshake to establish an encrypted tunnel between the F5 and the Application Server.
By inheriting from the client-ssl / server-ssl parent profile, the config is ready to use; there is no need to add anything except the trusted key, cert and chain files to the system.
Hope it is clear.
Regards
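
The setup discussed in this thread, written out as tmsh commands (an added example, not part of the original posts or F5's own documentation). It contrasts a Server SSL profile that only inherits from `serverssl`, where `peer-cert-mode` defaults to `ignore` and the backend connection is encrypted but the server certificate is not validated, with one that sets the three "Server Authentication" options from the question. All object names, file names and the hostname are hypothetical placeholders.

```tmsh
# Hypothetical names: app_clientssl, app_serverssl, app_serverssl_noauth,
# app.crt / app.key / app_chain.crt, app_ca.crt, vs_app, app.internal.example

# Client side: BIG-IP terminates TLS from the user with its own cert and key.
create ltm profile client-ssl app_clientssl defaults-from clientssl cert-key-chain add { app { cert app.crt key app.key chain app_chain.crt } }

# Server side, encryption only: inherits peer-cert-mode ignore from serverssl,
# so BIG-IP re-encrypts to the pool member but accepts any certificate it presents.
create ltm profile server-ssl app_serverssl_noauth defaults-from serverssl

# Server side, encryption plus server authentication:
#   peer-cert-mode require -> "Server Certificate: require"
#   authenticate-name      -> "Authenticate Name" (name expected in the backend cert)
#   ca-file                -> "Trusted Certificate Authorities"
create ltm profile server-ssl app_serverssl defaults-from serverssl peer-cert-mode require authenticate-name app.internal.example ca-file app_ca.crt

# Attach one profile per side of the virtual server.
modify ltm virtual vs_app profiles add { app_clientssl { context clientside } app_serverssl { context serverside } }

# Confirm the authentication settings took effect.
list ltm profile server-ssl app_serverssl peer-cert-mode authenticate-name ca-file
```

With `peer-cert-mode require`, a backend certificate that does not chain to `app_ca.crt` or does not carry the expected name causes the server-side handshake to fail, so test against each pool member before moving production traffic.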