Forum Discussion
Dayne_Miller_19
Apr 27, 2012Historic F5 Account
I'll let iclay respond if so inclined, since I can't share details about that configuration, but the summary is that the issue ended up being one of network topology rather than iApp configuration. Once that was sorted out, the iApp worked correctly.
Techgeeeg: Actually, you don't have to select the same cert and key for the serverssl section (the re-encryption part). The old iApp erroneously asked for a cert and key but never actually used them. The BIG-IP is acting as a 'client' in that context, with each CAS pool member being the server; the 'client' is not expected to present a cert or key.
The new iApp fixes a large number of issues (including no longer asking for the cert/key for re-encryption)and offers much more flexibility in deployments. We recommend it for all 11.x customers.