Client side and Server side SSL profile

Certificates on Client and Server SSL profiles have different purposes. On Client SSL profile, BIG-IP is the server so a certificate is applied for the purposes of authenticating BIG-IP to its clients and it’s sent in Server Hello message. You can also add a certificate bundle to Client SSL profile to make it authenticate clients, but this Certificate is used locally for the purpose of verifying if client certificate is valid.

On Server SSL profile, BIG-IP is the client. In that case, you can add a certificate so that BIG-IP can send to back-end server to authenticate itself as a client. You can also add a certificate bundle to verify server’s certificate validity locally.

Nevertheless, adding client and server ssl profiles to BIG-IP has the advantage of making traffic encrypted on both sides.