Forum Discussion

Altostratus

Feb 27, 2024

client and server ssl profiles

I am new to f5 asm, in our environment we have set up a website behind WAF in transparent mode, We have installed a wildcard certificate on real web server and replicated it on waf using client and s...

asm

client-insecure-compatible

clientssl

security

server-insecure-compatible

Nacreous

Feb 28, 2024

client (side) profile means config to be used by F5 when communicating with client.
server (side) profile means config to be used by F5 when communicating with server.

you should put the CA-authorized certificate in F5's client profile.
if your wild card certificate is CA-authorized, not self signed, then you should put it in the client profile.

for server side profile, usually you can simply use the default server profile.
and the webserver can also use self signed certificates.
i usually configure weaker ciphers for server side profile, e.g. AES128 instead of AES256, to reduce server load.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

client and server ssl profiles

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

HTTPS communication and client and server ssl profile

Different port from client to F5 as from F5 to server

ASM Logging profile w/ Remote Storage

Oneconnect profile

Regular Stream profile not working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS