Paul_Lueders
Aug 08, 2018

F5 as a cert manager

At this time we have the certificates and keys installed on all the application servers, and when we need to update the certs and keys we need to update them on each server and on the F5. Can I remove the certificates from the application server and manage SSL authentication on the F5? I would like to have one place where the certificates reside so that they are easier to manage.

 

  • One way I can think of is to use SAN names and create just a single cert for the apps; even a wildcard option is available.

    Then you can create a single client SSL profile with this cert and add it to all the VIPs and only keep port 80 on the back end.

    This is SSL offloading: the client will come to the BIG-IP on SSL, and BIG-IP to servers will be without SSL.
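
Added example, not part of the original posts: a pre-flight check that a proposed shared SAN or wildcard certificate actually covers every hostname clients use to reach the VIPs, before it goes into a single client SSL profile. The SAN entries and hostnames are constructed sample values; in practice the SAN list would be copied from the certificate itself.

```python
# Added example: SAN entries and hostnames below are constructed sample values.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(san_entries, hostnames):
    """Map each hostname to the first SAN entry that covers it, or None."""
    return {
        host: next((s for s in san_entries if san_matches(s, host)), None)
        for host in hostnames
    }


def uncovered(san_entries, hostnames):
    """Hostnames that would get a name-mismatch error behind this cert."""
    return sorted(h for h, s in coverage(san_entries, hostnames).items() if s is None)


# Constructed sample: DNS SANs of the proposed shared certificate ...
SAN_ENTRIES = ["*.apps.example.com", "portal.example.com"]
# ... and the hostnames clients use to reach each VIP.
VIP_HOSTNAMES = [
    "hr.apps.example.com",
    "pay.apps.example.com",
    "portal.example.com",
    "apps.example.com",          # apex: not covered by the wildcard
    "api.eu.apps.example.com",   # two labels deep: not covered either
]

if __name__ == "__main__":
    for host, san in coverage(SAN_ENTRIES, VIP_HOSTNAMES).items():
        print(f"{host:28} {'covered by ' + san if san else 'NOT COVERED'}")
```

Any hostname reported as not covered needs its own SAN entry on the shared certificate before its VIP is moved to the common profile.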