Forum Discussion
Connect to Cloudflare or cloud EC2 via SSLO
Hi everyone,
I need your help.
I'm having trouble connecting to Cloudflare or a cloud EC2 instance via SSLO. The connection keeps failing due to SSL issues.
I think it might work if I add the CA list of Cloudflare or the cloud provider, but I'm not sure if this is correct. Could it be that the "Full Strict Mode" or mTLS configuration on these servers is causing the problem?
Please let me know if you have any insights on this.
Thank you.
- Lucas_Thompson (Employee)
In outbound mode, Mutual TLS requires either bypassing the SSLO (create the bypass rule based on SNI or remote IP) or creating a trust on the target server to your own CA that's on the SSL Orchestrator BIG-IP. Ordinarily (not mTLS) SSLO re-creates the server's certificate using its own CA. In mTLS, this must occur in BOTH directions, so both the client AND server must trust the SSLO's CA.
This is covered in the deployment guide here:
https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter6/page6.01.html
If the bypass doesn't fix it, enable logging and follow the instructions in this SSL troubleshooting KB article:
https://my.f5.com/manage/s/article/K15292
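One way to confirm that a bypass rule like the one described in the answer above is taking effect, as an added example that is not part of the original posts: it parses `openssl s_client` output to report whether the certificate shown to the client was issued by the SSLO CA and whether the server advertised client-certificate CA names. `SSLO_CA_CN`, the function names and the sample output are assumptions constructed for illustration.

```shell
# Added example; SSLO_CA_CN is an assumed placeholder for your SSLO signing CA's CN.
SSLO_CA_CN="${SSLO_CA_CN:-sslo-ca.example.internal}"

# Reads `openssl s_client` output on stdin, prints "<path> <client-auth>".
classify_handshake() {
  out=$(cat)
  # The first issuer= line describes the leaf certificate the client was shown.
  issuer=$(printf '%s\n' "$out" | sed -n '/^issuer=/{p;q;}')
  if [ -z "$issuer" ]; then path=unknown
  elif printf '%s\n' "$issuer" | grep -qF "$SSLO_CA_CN"; then path=intercepted
  else path=bypassed
  fi
  # CA names are printed only when the server's CertificateRequest carried them;
  # their absence does not prove that client certificates are not required.
  if printf '%s\n' "$out" | grep -q '^Acceptable client certificate CA names'; then
    auth=client-cert-requested
  else
    auth=no-ca-names-sent
  fi
  printf '%s %s\n' "$path" "$auth"
}

# Live use from a client behind SSLO: probe <host> [port]
probe() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    classify_handshake
}

# Constructed s_client excerpts (not captured from a real host).
sample_intercepted() { cat <<'EOF'
subject=CN = api.example.com
issuer=CN = sslo-ca.example.internal
---
No client certificate CA names sent
EOF
}
sample_bypassed() { cat <<'EOF'
subject=CN = api.example.com
issuer=C = US, O = Example Public CA, CN = Example Issuing CA
---
Acceptable client certificate CA names
CN = Example Origin Client CA
EOF
}

sample_intercepted | classify_handshake
sample_bypassed | classify_handshake
```

A result of `intercepted` for a host that uses mTLS means the bypass rule (by SNI or remote IP) is not matching that connection.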
Thank you for the information you shared!