Forum Discussion

Dayesh_263997's avatar
Dayesh_263997
Icon for Nimbostratus rankNimbostratus
7 years ago

HTTP or HTTPs on backend servers if SSL Offloading is used

Hi All,   Please consider below line diagram as per my setup.   Client ===HTTPS===LTM===HTTP===Web SERVERs or DB servers   The server team can enable either HTTP or HTTPs on the backend serv...
application delivery
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
7 years ago

SSL bridging means that you terminate client side TLS on the BIG-IP, and then re-encrypt to the server. This requires client and server SSL profiles. The client SSL profile should of course have your client-facing server certificate and private key, and have proper cipher support. The server side, because the internal TLS connection isn't validated by default, can be very simple. In fact you can usually get away with using the built-in "serverssl" profile on the LTM VIP.

 

So then, yes, the Tomcat server is listening on HTTPS, the BIG-IP VIP is listening on HTTPS, but traffic is decrypted on the BIG-IP.