Forum Discussion
aldrinstephengomes
Nimbostratus
NimbostratusCan I deployed a machine certificate in network load balancer?
Hi all,
This is Aldrin Stephen Gomes form Bangladesh. I want to use a CA machine certificate in load balancer. Is it possible to use a machine certificate in load balancer...??? N/B: it will be CA machine certificate, not SSL certificate. I hope anyone have a better knowledge in this part & they can help me to find out the solutions...!!!
Thank you
Aldrin Stephen Gomes.
boneyardMVP
Im going to be a little harsh here perhaps, but the term you use doesn't exist. You can call it CA machine certificate, but it is better to find out how the rest of the world calls them.
Every certificate is a SSL certificate, sure you have client, server, (intermediate) CA certificates, but they are all SSL. You even say it comes from a Trusted Certifying Authority which points to SSL.
Mohamed_Ahmed_Kansoh suggests the device certificate, which is again nothing more then a client/server SSL certificate but used for management access and BIG-IP to BIG-IP communication.
Will you be using the certificate for management or for traffic through the BIG-IP?
Hi boneyard ,
Yes I expected that he is asking for Device certificate specially he mentioned it's comming from CA , So may he asking for Device Cert itself which he calls it machine certificate.
That's my expectation...
Thanks boneyard
CA_ValliI very much agree with other MVP's, we need to understand the scope better.
aldrinstephengomes - you're saying that you'll be installing a Trusted certificate that was signed by your Root CA. This is not the RootCA certificate, and it comes wiuthout a key.
- While it's possible to store certificates in this way on the BIG-IP, please understand that traffic decryption will not be possible if F5 doesn't have the certificate key.
- It's common practice to store certificates this way if you want to build a Certificate Chain on the BIG-IP. This will enable clients to verify that the server certificate and all CA's are trustworthy. Usually, in this setup, F5 is using a certificate+key pair that's signed by the last CA in the chain to decrypt SSL traffic.
Hi aldrinstephengomes ,
Could you please give an example of this certificate , how is it or how it works.
>> Also , Why do you want to deploy this kind of certificates ?
Thanks
aldrinstephengomesHi @Mohamed_Ahmed_Kansoh
Yes sure, that will be a certificate which will be generated from Trusted Certifying Authority & I want to deployed it in Load balancer hardware port. The machanism will be without privet key another component cannot communicate with load balancer. Hope ill get a solution...!!
Thanks
Aldrin Stephen Gomes
aldrinstephengomes ,
Do you mean the management Port of Loadbalancer , this port which you use it to manage your box and navigate F5 loadbalancer GUI , That's correct ?
