Forum Discussion
Oct 12, 2011
So you are saying that if you connect directly to your secured web service (not through the BIG-IP), you have things working (after keystore configuration), but when you run it through the BIG-IP while your server is still setup as a secure web service and you don't have LTM doing SSL offload, it's not working on your client? If so, that doesn't make sense as if the LTM is not terminating the SSL, then the certificate passing should be identical. The packets to/from the web service from the client shouldn't be changed by the LTM (that is, unless it's terminating the SSL - ie. decrypting from the client and then re-encrypting to the backend server).
If all you care about is allowing the certs on your client app, the code I wrote for the iControl library for Java might help out. In it, I wrote a class called XTrustProvider that told the ssl client code to allow self-signed certificates. I blogged about it a few years back:
http://devcentral.f5.com/weblogs/joe/archive/2005/07/06/1345.aspx
Hope this helps...
-Joe