Forum Discussion
Sanoop_Kuniel_8
Nimbostratus
NimbostratusMoving from IHS to F5
We currently have two IBM IHS servers serving contents to two different applications using SSL (two different domains, two different SSL certs). Something like..
https://domain1/context1 -> webserver1
https://domain2/context2 -> webserver2
We would like to start using F5 to route traffic to different webservers based on the url context, hence we would like it to be something like this
https://F5-vip-domain1/context1 -> https://webserver1/context1
https://F5-vip-domain1/context2 -> https://webserver2/context2
Now the problem that I am having is with the SSL certs. I want to move over the SSL certs from the webserver to the F5 but, when I try to setup a clientssl profile, it asks me for a key, all i have is an SSL cert received from verisign. Secondly, I understand that SSL between F5 -> webserver can use self signed certs, is that correct?
TIA
nassahla_65866we are in the process of migrating to F5 as well from Cisco CSS, we ran into challenges using the same cert, as a result what we ended up doing was generating a CSR with a Key on the LTM , then using that CRS we generated , we acquired a certificate from Verisign which came with an intermediary. What i will suggest is go back to Verign have them revoke the Cert they assigned you then Generate a CSR with Key then have them issue a new Certificate.Hope that helps...
hoolioCirrostratus
You can probably export the SSL private keys from the existing server(s) they're installed on. You can convert the cert and key to PEM format using openssl. Else, you could do as nassahla suggests and generate a new key and ask for a new cert from the CA.
And yes, you can use a self signed cert on the server. With a default server SSL profile, LTM doesn't do any validation of the server cert so it doesn't matter who the issuer is.
Aaron