Forum Discussion
HTTP Profile breaking HTTPS
- Oct 18, 2016
It's mandatory to offload SSL in BigIP to inspect the HTTP headers (Host, and others). There's no way around it. However, you can use serverssl profile in conjunction with clientssl to re-encrypt before the request gets forwarded to a pool member.
It's mandatory to offload SSL in BigIP to inspect the HTTP headers (Host, and others). There's no way around it. However, you can use serverssl profile in conjunction with clientssl to re-encrypt before the request gets forwarded to a pool member.
Clientssl profile is the device default. It points to a self-signed certificate which ofcourse is not trusted by Web Browsers. To get rid of the "connection not secure" warning, you will need to take the valid SSL certificate, Private Key and CA Intermediary certificate from your Web Server that currently does SSL offload, and install those on BigIP.
After you have the ca-issued certificate files installed on BigIP, you will create a custom client-ssl profile which points to those valid files. And once you have the custom client-ssl profile, you update your Virtual Server configuration accordingly. The server-ssl profile may remain default.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com