client ssl profile to serverssl pool members each with different certificates

Question

can I have a custom client side ssl profile and use then use the default serverssl profile to negotiate with 5 pool members each with different certificates? I need to encrypt end to end but the pool members use different profiles?

denverrb_326662 · Answer

You could use a wildcard certificate on the client side and then load balance.¬†
Example Here - ¬†
https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html?lc=1¬†

rob_carr · Answer

The certificate offered by the clientssl profile and the certificates offered by the application servers don't have to be the same.  Along with that, by default the serverssl profile doesn't verify certificates by default, so having different certificates on each of your application servers isn't necessarily an issue.&nbsp;
If you do want to have certificate verification between the BIG-IP and the backend servers, it appears that you can only provide one set of trusted certificate authorities, so you will either need to have all server provided certificates chain to the same CA or use some method of profile switching to change the serverssl profile to match the selected back-end server.&nbsp;

Forum Discussion

client ssl profile to serverssl pool members each with different certificates

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

F5 Certified Administrator NGINX certification now available!

Updating SSL Certificates on BIG-IP using REST API

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS