Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Jon_Schultz_196's avatar
Jon_Schultz_196
Icon for Nimbostratus rankNimbostratus
Jan 18, 2016

Issue with certificates using public F5 presence to internal resource

I am having an issue getting https certificates working properly for a public facing application that hits the external F5 partition, load balances to our FW, which then NATs the traffic to our inter...
application delivery
LTM
James_Thomson's avatar
James_Thomson
Icon for Employee rankEmployee
Jan 18, 2016

If possible, can you post configuration snippets? I'm guessing *.wildcardcert.com is your public SSL certificate? If so, you want that in a client-ssl profile assigned to the first hop. Then, the default serverssl profile assigned to that vip. Then, on 10.1.104.56, I think you can use teh default client-ssl profile with NO serverssl profile (assuming port 5011 is meant to receive unencrypted traffic?).