LTM SSL Profiles issue

Question

Hi all,&nbsp;
Happy new year.&nbsp;
I have a website hosted on a Windows IIS server and want to publish it with SSL certificate.
what are the configuration steps should I do on the F5 ? and what is the profile should I use client or server ?
also what are SSL certificates will be added on the F5 by the way I get the certificate.pfx from the web server ?&nbsp;
another question what are the certificates should I add on the F5 if I will use an USB-token to authenticate the clients ?&nbsp;
Thanks&nbsp;

nathe · Answer

Tamer,&nbsp;
In brief, to terminate the SSL connection you will need a Client SSL Profile configured and applied to the Virtual Server. If you need to re-encrypt to the backend webserver then you would also need a Server SSL Profile configured and applied to the Virtual Server (note, most times the default serverssl profile will work fine).&nbsp;
You will need to export the cert/key from the existing web server, import onto the BIG-IP and associate with the new Client SSL Profile.&nbsp;
Client certificate Authentication will require the Trusted CA certificate configured on the BIG-IP, perhaps a Root or Intermediate CA cert. Normally this would be from an internal PKI. You just configure the Client SSL profile to accept client certs signed from a particular Trusted Authority.&nbsp;
See the following links for more granular help:&nbsp;
Managing SSL certificates for BIG-IP systems using the Configuration utility&nbsp;
Overview of the Client SSL profile&nbsp;
Hope this helps,&nbsp;
N&nbsp;

tamer_ezzat_235 · Answer

Hi Nathan,&nbsp;
Thanks for your support&nbsp;
So I will import the certificate.pfx file and create SSL client profile only OK that is fine&nbsp;
and for Client certificate Authentication I will add in addition to the above certificate.pfx  I will add the Trusted CA certificate Root or Intermediate CA cert.&nbsp;
I will try then and will keep you updated.&nbsp;
One more thing: each website should has a Trusted CA certificate - root CA or not ?
should I create a root CA for each website ?&nbsp;
Thanks for your help&nbsp;

nathe · Answer

an intermediate should be fine, whatever has signed the client certificate

tamer_ezzat_235 · Answer

OK
Thanks I will do that and will update you&nbsp;

tito_110_241800 · Answer

Hi Nathan,&nbsp;
Thanks so much for your support&nbsp;
It worked&nbsp;
I created a SSL client profile using the certficate.pfx , and created SSL server profile using  the default serverssl profile.&nbsp;
Many thanks to you&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

LTM SSL Profiles issue

6 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Request for Bug Tracker/Known Issues – BIG-IP Version 17.5.1.2

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

License activation

Related Content

iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles)

LTM issue Openning new web browser tab

list ltm profile

GTM and LTM iquery issues

LTM HTTP Profile Option: Response Chunking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS