F5 forward SSL to the server , lets encrypt.

Question

Hello guys, &nbsp;
I am relatively new to the F5 , so we were wondering if there is a possibility to make things work with the lest encrypt in the following architecture:&nbsp;
So we have, let’s say “domain.com” with A record to x.x.x.x on F5 &nbsp;
Virtual servers (x.x.x.x) -&gt; pools -&gt; node:80 (y.y.y.y ip on the server itself)&nbsp;
Virtual servers (x.x.x.x) -&gt; pools -&gt; node:443 (y.y.y.y ip on the server itself) &nbsp;
What we are trying to do is to set the Lets encrypt SSL on the server y.y.y.y (sense lets encrypt plugin is installed there) and not on the F5, because some of the reasons. We want to keep the F5 protection and valuable features, but move the Lets encrypt to the server. &nbsp;
Is there any way to achieve this? &nbsp;
Thank you! &nbsp;

surgeon · Answer

You can bypass ssl on big-ip. In this case ssl will be initiated with your back-end server directly.&nbsp;
If you want to do SSL offload on the big-ip, you can use REST API calls to update certificates and keys on the big-ip.&nbsp;
https://devcentral.f5.com/articles/lightboard-lessons-automating-ssl-on-big-ip-with-lets-encrypt-21475&nbsp;

Forum Discussion

F5 forward SSL to the server , lets encrypt.

Recent Discussions

BIG-IP Edge Endpoint Inspection Failure pre-VPN

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

Let's Encrypt

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Load Balancing TCP TLS Encrypted Syslog Messages

Encrypting Cookies

X-Forwarded-For Log Filter for Windows Servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS