Forum Discussion

Prince
Nov 13, 2017

Public SSL cert on F5 and Self Signed on Server

Hello Folks,

If planning to implement SSL bridging with external cert installed on F5 and backend server uses self signed, would like to know:

1) Will clients get an error while accessing the website?
2) If not, in which case will client get the error as backend server is using self signed cert?

I think that clients will not get error as both side connections will be independent but just trying to understand the different scenarios.

  • Since F5 acts as a full proxy, the client should only interact with the F5 and the server will only interact with the F5. The external cert (I'm assuming a CA cert) should be applied on the client-side SSL profile whereas your self-signed will be applied on your server-side SSL profile.

    It should be that simple. Hope that helps!

  • 1) Will clients get an error while accessing the website?
    2) If not, in which case will client get the error as backend server is using self signed cert?

    No, they won't. By default the F5 does not care about the validity of the server side certificate. The client and server SSL profiles are separate in the configuration. The Client profile is used against, no surprise here, the clients, and the server side profile against the server.

    Since the F5 is a full proxy, just like Shann_P states above, the two sides are handled separately.

    /Patrik
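
An added example, not part of either reply: the default server-side behaviour described above next to a server SSL profile that does validate the backend, as commands typed at the tmsh prompt. The profile name `serverssl_verify_backend`, certificate object `backend_selfsigned.crt`, hostname `app01.internal.example` and virtual server `vs_app_https` are hypothetical, and the example assumes the backend's self-signed certificate has already been imported on the BIG-IP and that the virtual server currently uses the stock `serverssl` profile.

```tmsh
# 1. Inspect the stock parent profile. With peer-cert-mode "ignore" the BIG-IP
#    accepts any backend certificate (self-signed, expired, wrong name), which
#    is why clients never notice the self-signed certificate.
list ltm profile server-ssl serverssl peer-cert-mode untrusted-cert-response-control expire-cert-response-control

# 2. Create a child profile that authenticates the backend.
#    - peer-cert-mode require: the server must present a certificate
#    - ca-file: trust anchor; here the backend's own self-signed certificate,
#      so only that certificate (and nothing else) is accepted
#    - authenticate-name: name the certificate must carry
#    - *-response-control drop: close the server-side connection when the
#      certificate is untrusted or expired instead of continuing
#    All object names below are placeholders.
create ltm profile server-ssl serverssl_verify_backend defaults-from serverssl peer-cert-mode require ca-file backend_selfsigned.crt authenticate-name app01.internal.example untrusted-cert-response-control drop expire-cert-response-control drop

# 3. Swap the server-side profile on the virtual server. The client-side
#    profile holding the public certificate is left untouched.
modify ltm virtual vs_app_https profiles delete { serverssl }
modify ltm virtual vs_app_https profiles add { serverssl_verify_backend { context serverside } }

# 4. Confirm what the virtual server now uses on each side.
list ltm virtual vs_app_https profiles
```

With this profile in place, a replaced or expired backend certificate makes the BIG-IP drop the server-side connection, so clients see a failed request rather than a certificate warning; the certificate they are shown is still the public one from the client-side profile.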