Forum Discussion
I'm going to be a little harsh here perhaps, but the term you use doesn't exist. You can call it CA machine certificate, but it is better to find out what the rest of the world calls them.
Every certificate is an SSL certificate. Sure, you have client, server, (intermediate) CA certificates, but they are all SSL. You even say it comes from a Trusted Certifying Authority, which points to SSL.
Mohamed_Ahmed_Kansoh suggests the device certificate, which is again nothing more than a client/server SSL certificate but used for management access and BIG-IP to BIG-IP communication.
Will you be using the certificate for management or for traffic through the BIG-IP?
- Jun 25, 2023
Hi boneyard,
Yes, I expected that he is asking for the Device certificate, especially as he mentioned it's coming from a CA, so he may be asking for the Device Cert itself, which he calls a machine certificate.
That's my expectation...
Thanks boneyard
- CA_Valli, Jun 26, 2023, MVP
I very much agree with the other MVPs, we need to understand the scope better.
aldrinstephengomes - you're saying that you'll be installing a Trusted certificate that was signed by your Root CA. This is not the RootCA certificate, and it comes without a key.
- While it's possible to store certificates in this way on the BIG-IP, please understand that traffic decryption will not be possible if F5 doesn't have the certificate key.
- It's common practice to store certificates this way if you want to build a Certificate Chain on the BIG-IP. This will enable clients to verify that the server certificate and all CAs are trustworthy. Usually, in this setup, F5 is using a certificate+key pair that's signed by the last CA in the chain to decrypt SSL traffic.
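
The distinction in the last reply, a certificate stored alone for chain building versus a certificate+key pair that can decrypt traffic, can be checked with `openssl` before anything is imported. This is an added example, not part of the thread and not F5 tooling; the function names, file names and subjects are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Every file name and subject below is constructed test data.

# key_matches_cert CERT KEY: true only if KEY is the private key behind CERT.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# chain_ok CA_BUNDLE CERT: true if CERT verifies against the CA bundle.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# classify CA_BUNDLE CERT [KEY]: what the imported object can be used for.
#   cert-only -> chain building / verification only, no decryption
#   cert+key  -> can terminate and decrypt SSL traffic
classify() {
    chain_ok "$1" "$2" || { echo untrusted; return 0; }
    [ -n "${3:-}" ] || { echo cert-only; return 0; }
    if key_matches_cert "$2" "$3"; then echo cert+key; else echo key-mismatch; fi
}

# make_fixture DIR: constructed root CA, one server cert it signed, one stray key.
make_fixture() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Root CA" -keyout ca.key -out ca.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=app.example.test" \
          -keyout srv.key -out srv.csr &&
      openssl x509 -req -in srv.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -days 1 -out srv.crt &&
      openssl genrsa -out stray.key 2048 ) >/dev/null 2>&1
}

# Stand-alone demo on the constructed fixture.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
classify "$demo_dir/ca.crt" "$demo_dir/srv.crt"
classify "$demo_dir/ca.crt" "$demo_dir/srv.crt" "$demo_dir/srv.key"
classify "$demo_dir/ca.crt" "$demo_dir/srv.crt" "$demo_dir/stray.key"
rm -rf "$demo_dir"
```

Comparing the public key extracted from the certificate with the one derived from the private key works for RSA and EC keys alike, and it catches a key file that belongs to a different certificate.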