For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Muhammad_Irfan1's avatar
Muhammad_Irfan1
Icon for Cirrus rankCirrus
Nov 06, 2014

Client side certificate and server side certificate in HTTPS

I will offload HTTPS traffic on F5 from clients, F5 will decrypt it and encrypt it on the servers side and send it to Siebel web servers.   TO my understanding i will create .CSR file and CA w...
shaggy's avatar
shaggy
Icon for Nimbostratus rankNimbostratus
Nov 06, 2014

item 2 - adding the cert/key to a server-ssl profile is not necessary unless the siebel servers are authenticating client certificates

 

The common name should be the FQDN of the F5 virtual server IP resolved in DNS. Subject alternative names should be any additional hostnames that can/will be used to access the site (common example is a common name of www.abc.com with a SAN of abc.com)

 

shaggy's avatar
shaggy
Icon for Nimbostratus rankNimbostratus
Nov 06, 2014
specify a certificate/key in the server-ssl profile that the siebel servers trust. you should submit the CSR to have a certificate created by either a public or internal CA that users trust. The certificate referenced in the client-ssl profile will be what all end-users see.