For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KenJ_50171's avatar
KenJ_50171
Icon for Nimbostratus rankNimbostratus
Jul 21, 2009

certificate for serverssl

I'm grappling with what it means to have a certificate for a "serverssl" profile, between the F5 Big-IP LTM and the back-end server. (I have a paranoid application owner who wants to do this, and it...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 21, 2009
Sorry, maybe I misinterpreted what the poster was trying to do.

 

 

"I have a paranoid application owner who wants to do this, and it's a low-traffic service so bandwidth and CPU are not an issue."

 

 

Ken, did you mean you wanted to use client/server certs for the server side connection or just server SSL without a client cert on LTM? If the latter, as Denny says, you can just use the default server SSL profile. LTM won't send a client cert and won't do any checking of the server's certificate. If you want/need to, you could configure the Trusted Certificate Authorities, Chain and Server Certificate to validate the client cert. All you would be doing though is ensuring LTM and the server are only connecting to each other--you wouldn't be checking anything to do with the clientside certificates/identity.

 

 

Aaron