Forum Discussion
Dan_W__274799
Nimbostratus
NimbostratusHTTP Profile breaking HTTPS
I have a https_vs that does not offload the SSL. I also have two pools https_pool and https_training_pool. I have to have iRules to inspect the https address for "portal.newco.com" to go to the https...
It's mandatory to offload SSL in BigIP to inspect the HTTP headers (Host, and others). There's no way around it. However, you can use serverssl profile in conjunction with clientssl to re-encrypt before the request gets forwarded to a pool member.
Hannes_Rapp_162
Nacreous
NacreousIt's mandatory to offload SSL in BigIP to inspect the HTTP headers (Host, and others). There's no way around it. However, you can use serverssl profile in conjunction with clientssl to re-encrypt before the request gets forwarded to a pool member.
Dan_W__274799When I set it with the serverssl and clientssl then I get a certificate error on the web page, and it doesn't seem to redirect my portal vs training pages. I receive a "Connection not secure" on the pages.
- Hannes_Rapp_162
Clientssl profile is the device default. It points to a self-signed certificate which ofcourse is not trusted by Web Browsers. To get rid of the "connection not secure" warning, you will need to take the valid SSL certificate, Private Key and CA Intermediary certificate from your Web Server that currently does SSL offload, and install those on BigIP.
After you have the ca-issued certificate files installed on BigIP, you will create a custom client-ssl profile which points to those valid files. And once you have the custom client-ssl profile, you update your Virtual Server configuration accordingly. The server-ssl profile may remain default.