For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

neeeewbie's avatar
neeeewbie
Icon for MVP rankMVP
May 23, 2024

connect to cloudflare or cloud ec2 via SSLO

Hi everyone, I need your help. I'm having trouble connecting to Cloudflare or a cloud EC2 instance via SSLO. The connection keeps failing due to SSL issues. I think it might work if I add the C...
application delivery
cloud
security
Lucas_Thompson's avatar
Lucas_Thompson
Icon for Employee rankEmployee
May 23, 2024

In outbound mode, Mutual TLS requires either bypassing the SSLO (create the bypass rule based on SNI or remote IP) or creating a trust on the target server to your own CA that's on the SSL Orchestrator BIG-IP. Ordinarily (not mTLS) SSLO re-creates the server's certificate using its own CA. In mTLS, this must occur in BOTH directions, so both the client AND server must trust the SSLO's CA. 

This is covered in the deployment guide here:

https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter6/page6.01.html

If the bypass doesn't fix it enable logging and follow the instructions in this SSL troubleshooting KB article:

https://my.f5.com/manage/s/article/K15292

 

neeeewbie's avatar
neeeewbie
Icon for MVP rankMVP
May 24, 2024

Thank you for the information you shared!

Related Content