For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KenJ_50171's avatar
KenJ_50171
Icon for Nimbostratus rankNimbostratus
Jul 21, 2009

certificate for serverssl

I'm grappling with what it means to have a certificate for a "serverssl" profile, between the F5 Big-IP LTM and the back-end server. (I have a paranoid application owner who wants to do this, and it...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 21, 2009
For server side SSL, LTM will be acting as a client. So the app owner should generate a client cert from his server certificate. You can then install it on LTM. As you guessed, you should configure it for the server SSL profile and for an HTTPS monitor. The health monitor just needs to be assigned to the pool member(s) which you want to monitor--you shouldn't need to configure which LTM self IP addresses use the cert. The requests will be made from each unit's static self IP address to the pool members.

 

 

I think the server SSL profile can be configured to validate the CN of the server cert. I don't have a box in front of me to double check this. But you should be able to read the LTM config guide for your version or the online help for details.

 

 

Aaron