Does the F5 LTM communicate securely to a pool member that has a self-signed certificate?
Hi.
We have an HA pair of i2600 LTMs running 15.1.2.1. We want to ensure end-to-end encryption for all our websites. We currently have our F5 presenting trusted public certificates client side. On the server side, we have 10-year self-signed certificates (generated on each pool member, not on the F5). The idea is that our pool members do not face the internet and are not contacted (by clients) directly, so a self-signed certificate should be enough. Before the 10 years are up we would've rebuilt the pool member on an updated OS, and it also avoids having to update each pool member's certificate yearly.
That said, I have some questions about the scenario described above.
1. Currently, for all our VIPs' server-side communication, the F5 is communicating to the pool member(s) over the secure port (mostly 443, 8443 and some other random ports based on the application). Is this traffic from the F5 to the pool member(s) actually encrypted and secure?
2. Is this common practice?
3. Should I be handling this a different way? If so, can someone provide a more secure scenario?
Thanks in advance