Forum Discussion

Ichnafi's avatar
Ichnafi
Icon for Cirrostratus rankCirrostratus
Nov 29, 2018

How make LTM trust a node's Self-Signed Cert?

Hello fellow F5-Admins,

 

I'm quite lost at the moment. I was asked by our anti virus guys, if we could use SSL (https) in the backend between my LTM and their ICAP anti virus servers. Because it's backend and other more or less viable reasons, we would like to use a self-signed certificate on the ICAP-servers.

 

Testing the connection with curl -k (-k for insecure) succeeds but I guess I have to make the F5 trust the self signed cert somehow to make it work. At the moment the health monitor is still read because F5 not trusting the servers cert.

 

Where/how can I tell the F5 to ignore/accept the serf-signed cert, or how to I import it to the trusted store? Just importing the cert into the "SSL CCertificate List" does not work.

 

Cheers Ichnafi

 

  • Well....shame on me. It seems that the F5 does not care if the server presents a self-signed cert. But one has to create a https monitor, not http.

     

    Message to future me: think before you act.

     

    Cheers Ichnafi