For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mic_108850's avatar
Mic_108850
Icon for Altostratus rankAltostratus
May 07, 2010

HTTPS and SSL certificate for 2 BIG-IPs

Hi,     I have 2 BIG-IPs in differents locations (they are configured in Symetrical deployement mode)     BIG-IP 1:   VS_a1.test.domain.com (https)   with Pool (ip1:443)     ip1...
config
design
Michael_Yates's avatar
Michael_Yates
Icon for Nimbostratus rankNimbostratus
May 10, 2010
Mic,

 

 

I've done exactly what you are talking about across multipe F5 Pairs with Wildcard SSL Certificates and haven't had any problems in the past.

 

 

I can't say that I've ever had the problem that Hamish is describing, although you can never be too safe. We've thought of the Security aspects of having the SSL Certificates on the F5's and we actually use them as a storage repository for SSL Certificates that are created and not used on the F5's (so that we can keep track of them in case the server has a failure).

 

 

In the event of an F5 RMA (which in 4 years I've only had to do one, and that was an SSL Accelerator Card Failure) you can retrieve and then delete all of the current SSL Certicates that reside on an F5 to keep them secure in your companies hands.

 

 

They are located in the following directories:

 

/config/ssl/ssl.crl

 

/config/ssl/ssl.csr

 

/config/ssl/ssl.key

 

/config/ssl/ssl.crt