Forum Discussion
Dayne_Miller_19
Apr 27, 2012Historic F5 Account
The new advanced monitors -- which perform synthetic transactions that emulate "real" clients and use actual user credentials that you supply -- are configured by the new iApp. They all work as advertised.
(MAPI, aka RPC Client Access, is the only supported CAS protocol/service for which we don't provide an advanced monitor at this time.)
You are correct that SSL Bridging re-encrypts traffic before placing it back on the wire. However, it's important to understand how certs and keys are used.
On the client side of the BIG-IP, the cert/key combination is supplied by the BIG-IP system (as if it was a server). A client -- for instance, a browser -- connects, checks the server [BIG-IP] certificate for authenticity, and then negotiates a secure connection using the server [BIG-IP] key. [This is a simplified description; see any number of TLS/SSl information sites for details about the full exchange.]
On the server side, the BIG-IP is itself the' client' and, in this case, the CAS members are the servers. So the BIG-IP doesn't present a certificate and key (and therefore there's no need to select them); that's done by the server [CAS].