Forum Discussion
Hi kridsana,
You don't need a certificate or key on the server side; it will be fine for you.
Let me explain some points.
Imagine you are browsing a website such as F5.com. Will you need to set up a specific F5 digital certificate to visit their site? Actually no, you do not need that, and this is common to all public websites.
So in the case of SSL bridging, or adding server SSL, you are only making the BIG-IP act as a client to the web application server / pool member located behind your BIG-IP.
The BIG-IP in this case does what you do when visiting any website.
Even if the server/pool member certificates aren't signed by a public CA, your BIG-IP will ignore this "trust" challenge and proceed with the SSL negotiation, establishing the needed secure connection between the BIG-IP and the selected pool member.
This makes sense because, as a client, you don't have to offer a digital certificate to any website, but you as a client wait to receive the website's digital certificate signed by a well-known CA. After that, you as a client verify this certificate, its validity period and its signature, and then you as a client start the key exchange phase with the website's servers (maybe it is a BIG-IP or any firewall that has the server certificate / public key ...).
Without going in-depth into SSL negotiations and connections, your connections as a client are similar to the server-side connections in the case of SSL bridging, and you can achieve your requirements without adding extra certificates. I mean, use the default server-ssl profile; it will not cause issues for you.
I hope this helps you.
Thank you for the explanation. I now understand F5 doesn't need to import the root self-signed certificate of the server into F5.
Can I ask one more question?
What happens if the server IP is 10.10.10.10 but they have a certificate with a different name (not 10.10.10.10)? .... e.g. the CN is the server hostname, or the CN is the IP 192.168.1.1
Will F5 still ignore the certificate trust, and will everything still work fine?
- Mar 05, 2023
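As an added illustration (not part of either post, and not an F5 reference configuration), here are the two server-ssl settings the answer and the follow-up question turn on, written in tmsh: the default behaviour the answer describes, where the BIG-IP does not check the pool member's certificate chain or name, beside a hardened profile that requires a trusted chain and a matching name. The profile names, virtual server name, CA bundle file name and hostname are assumptions.

```tmsh
# Constructed example, not from the thread. Default-style profile: the peer
# certificate is not validated, so an untrusted chain, or a CN/SAN that does not
# match 10.10.10.10, still lets the BIG-IP <-> pool member handshake complete.
create ltm profile server-ssl serverssl_ignore_peer {
    defaults-from serverssl
    peer-cert-mode ignore
}

# Hardened profile: the pool member's chain must validate against the bundle
# imported as ca-file (assumed name), and the certificate's name is compared
# with authenticate-name (assumed hostname), not with the pool member's IP.
# A certificate whose name does not equal this value fails the handshake,
# which is the mismatch case the follow-up asks about.
create ltm profile server-ssl serverssl_verify_peer {
    defaults-from serverssl
    peer-cert-mode require
    ca-file pool-member-ca.crt
    authenticate-name app01.internal.example
    authenticate once
    server-name app01.internal.example
}

# Attach the verifying profile on the server side of an SSL-bridging virtual
# server (assumed name) next to its existing client-ssl profile.
modify ltm virtual vs_app01 profiles add { serverssl_verify_peer { context serverside } }
```

Switching a virtual server from the first profile to the second is the point at which a pool member with an unexpected or untrusted certificate stops receiving traffic, so the CA bundle and expected name should be confirmed before the change.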