Forum Discussion
HTTP Profile breaks HTTPS Connections
Hi,
We want to setup SSL forwarding for our HTTPS virtual server. If I set a no HTTP profile and setup a bypass by selecting none for both client and server SSL the site works properly.
If I apply a HTTP profile with this bypass the HTTPS breaks. Any ideas?
If you are wanting F5 to do a passthru, where your actual servers will be doing the encryption and decryption, select Type = Performance (Layer 4) on your VIP. Now, if you want F5 to do the SSL handshake for you, you will have to create a client side SSL profile on F5, and import your certificate and key onto F5. F5 will represent your server for the SSL session, and you have the option of setting up your backend to either talk HTTP or HTTPS.
If you are wanting F5 to do a passthru, where your actual servers will be doing the encryption and decryption, select Type = Performance (Layer 4) on your VIP. Now, if you want F5 to do the SSL handshake for you, you will have to create a client side SSL profile on F5, and import your certificate and key onto F5. F5 will represent your server for the SSL session, and you have the option of setting up your backend to either talk HTTP or HTTPS.
- Nfordhk_66801Nimbostratus
That worked! But don't I need a HTTP profile to do load balancing with cookies? How else could I remedy this issue? I have it setup right now for source address
Your load balancing option is setup in the pool. So which ever pool you assign to the L4 VIP, go to the members tab, and select your LB method. You can then setup your Default Persistence Profile to 'cookie" in your VIP object under the resource tab.
- shaggyNimbostratus
Yes - you'll want a standard VS, client-SSL profile with app cert/key, server-SSL profile (if backend is also SSL - none if backend is HTTP), HTTP profile, and a cookie persistence profile.
Think of profiles as the F5 interacting with traffic at that 'level' - in order to do cookie persistence, the F5 needs to interact with HTTP (http-profile), in order to interact via HTTP, the F5 needs to decrypt the traffic (client-ssl) profile
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com