Thanks to Everyone sharing thoughts and good explanation. @Nitass...i have another question By default client cert option is select ignore in BIGIP. Like same We can need to do in server side (Because BIGIP is client for server when it is making a secure connection with bigip in offload time). am i right ??????? If Server is asking for client auth while making a connection from BIGIP to server side when Cert bigip will present to server.....Is it self sign cert ????????What happened if BIGIP and Server have same cert (How communication will happen between them)