Forum Discussion
AltostratusDecryption of traffic on F5
Hi Team,
I need to enable decryption of traffic on F5 as previously the same was happening at the server end...can you please help me know the procedure as how that can be achieved and what steps would be required as I am new to F5.
Thanks, Imran
amintejCirrus
You have to configure SSL client profile in the virtual server that you want to perform SSL offloading. If you want to encrypt (SSL onloading) from F5 to the servers, you hace to add SSL server profile.
Robell_Pontes_7Nimbostratus
Hi,
 
I recommend reading this response as it will give you some context: https://devcentral.f5.com/s/feed/0D51T00006i7cquSAA
 
For what you describe, you're currently doing SSL tunneling, which means the F5 is NOT decrypting the traffic but sending it as it is to the backend.
 
To decrypt the traffic on the F5, you need to create a ClientSSL profile and attach it to the correspondent virtual server. Then you have to decide whether you're going to re-encrypt the traffic or not before sending to the backend. If so, you'll also need a ServerSSL profile on the same virtual server, if you plan to send the traffic unencrypted from the F5 to the backend, then you only need the ClientSSL profile.
 
You'll find the information you need here:
 
https://support.f5.com/csp/article/K14783
 
https://support.f5.com/csp/article/K14806
 
- Phips_306701
Hey Immu,
you have to do the following:
- add your certificates
- System -> SSL Certificates
- create an SSL client profile
- Local Traffic -> Profiles -> SSL -> Client
- here is important to add the certificate key chain (certificate, private key, CA)
- add the SSL profile to your Virtual host
- Local Trafic -> Virtual Servers -> -> Properties -> SSL Profile (Client)
After those steps you can remove the certificate from the backend server and the traffic will be decrypted after your Big-IP.
immuThank you all for you reply...now I clear on the concept.
Thanks,