Forum Discussion

Nimbostratus

Feb 20, 2019

F5 LB : Decryption and Re-Encryption of Traffic to Application Server

I want to understand how a F5 Load balancer decrypts the SSL traffic received from a client say a browser and then re-encrypts it before sending/forwarding the same to an Application Server in an ent...

Nimbostratus

Feb 20, 2019

There are multiple ways to do that on the Big-IP, but in most cases you probably want the valid certificate and its matching private key on the Big-IP, and then you can have a valid or self-signed certificate and its matching private key on the backend server.

Encryption between the client and the Big-IP will use the certificate hosted on the Big-IP, and encryption between the Big-IP and the backend server will be done using the certificate on the backend server. In this scenario the Big-IP acts both as a server and a client.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 LB : Decryption and Re-Encryption of Traffic to Application Server

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Introducing the F5 Application Study Tool (AST)

decrypted tcpdump capture without using an iRule and without using tshark

F5 Distributed Cloud - Regional Decryption with Virtual Sites

Decrypting BIG-IP Packet Captures Automatically

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS