Forum Discussion

Nimbostratus

Feb 04, 2025

Problem with self-signed certificate

We have a self-signed certificate on a Back End server. However, this certificate is not secure. I need F5 to ignore the untrusted certificate and apply a certificate that I configured in the SSL p...

announcement

application delivery

Mayur_Sutare

MVP

Feb 07, 2025

Hi F599

When you use Performance Layer 4 type Virtual server, SSL/TLS will be terminated on the backend server. In this case, F5 do not have any control on it. So, whatever certificate is available on the backend server, will be presented to the client. Same is happening in your case. And this is not an issue. It is as per the design and how packet is being handle.

With Standard type of virtual server type, you can manage SSL configurations on the F5.

Check this article to understand how sessions get established with each type of virtual server.

Overview of TCP connection setup for BIG-IP LTM virtual server types

Could you please confirm below points?

Did you map client-ssl profile and server-ssl profile to Standard type of virtual server?
If yes, what is the behaviour with this setup? Is SSL handshake successful or is there any error?

F599
Nimbostratus
Feb 07, 2025
Hi,
In client-ssl we use our internal certificate.
In server-ssl we create a profile to ignore the server's untrustworthy certificate.
In this scenario, our certificate is not recognized and the website cannot be accessed.
Error that the page could not be accessed.
- boneyard
  MVP
  Feb 08, 2025
  three answers say it is possible and i agree. please provide more details on your exact configuration.
  
  either some screenshots or CLI output of the configuration (remove or replace private information).