Forum Discussion
Nuruddin_Ahmed_
Cirrostratus
May 14, 2016
Proxy SSL Cipher Suite
Hi,
I've been trying to make proxy SSL work for many days, after long research. I want to know if proxy SSL requires specific ciphers to be used? I am using DEFAULT for both client and server ...
Yann_Desmarest_
Nacreous
May 14, 2016
Hello,
What is the error message?
AFAIK, the proxy SSL feature supports only RSA.
No support for DH, EDH and ECC.
- Nuruddin_Ahmed_ (Cirrostratus), May 14, 2016
Hi, what would be the appropriate line which I can write instead of DEFAULT in the cipher suite field for RSA? The error message is seen in the Explorer window; I still have not run the packet capture. I would do further troubleshooting once the cipher suites are correct. I am a newbie :(

- Yann_Desmarest_ (Nacreous), May 14, 2016
Unfortunately, as there is no SSL bridging nor offloading configured on the bigip, ciphers are negotiated between the browser and the backend server.

- Nuruddin_Ahmed_ (Cirrostratus), May 15, 2016
Just wanted to know one thing. In the server SSL and client SSL profile, we would be providing on the Server certification. I have a single certificate for web server authentication as well as for client authentication. Do I need to get a certificate for server authentication only which would work?

- Yann_Desmarest_ (Nacreous), May 15, 2016
On the clientssl profile, you should leave everything at the defaults from the default clientssl profile, except that the Proxy SSL feature is checked.

- Yann_Desmarest_ (Nacreous), May 15, 2016
On the serverssl profile, you need to assign the same private key/certificate used by the backend server and have Proxy SSL checked. If there is client certificate authentication, the configuration should be done on the backend server. Nothing else is needed on the bigip.

- Yann_Desmarest_ (Nacreous), May 15, 2016
In terms of best practices, you should have different certificates for SSL server authentication and client certificate authentication. X.509 purposes should not be the same. Also, pay attention that your certificates' CA issuers are trusted on each peer. Some systems/browsers reject client cert auth if there are untrusted certificates.

- Nuruddin_Ahmed_ (Cirrostratus), May 15, 2016
Thanks Yann, I will try this solution today.

- Nuruddin_Ahmed_ (Cirrostratus), May 15, 2016
I got this error:
Configuration error: SSL Proxy state on clientssl profile(s) and/or serverssl profile(s) doesn't match on virtual server
As per the document, I think proxy SSL should be enabled on both.

- Yann_Desmarest_ (Nacreous), May 15, 2016
Hi, yes, of course proxy SSL should be activated on both.