Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
Oct 29, 2013

Cookie persistency on https port

Hi All,   Can you please let me know if we can bind the cookie persistency on the VIP running with Https port ? can you please let me know if it will work with out issues ?  
availability
design
TMSH
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 30, 2013

Yes, any client SSL profile applied to the VIP will provide SSL offload. This is the profile that you select in the "SSL Profile (Client)" section. Keep in mind a few things:

 

  1. Once SSL is offloaded with the client SSL profile, the traffic is unencrypted. You can send that directly to your server pool on port 80 HTTP, or if necessary you can re-encrypt with a server SSL profile.

     

  2. The client SSL profile is now the SSL server to the client. You'll want to export the application server's certificate and private key to the F5 and use those in a new client SSL profile. The built-in clientssl profile has a generic localhost.localdomain server certificate that will cause browsers to throw up a security warning.