
Forum Discussion

Re: Changing the Management Login to Port 636

Hi Brandon,

SSL Check Peer determines whether or not you want the F5 BIG-IP (acting as the SSL client) to verify the SSL certificate of the LDAP server. 

SSL Check Peer

Specifies whether the system checks an SSL peer, as a result of which the system requires and verifies the server certificate. The default value is disabled.

2 Replies

  • Brandon

    Thanks for the answer on SSL Peer Check. 

    One last question: login works whether I have chosen an SSL CA Certificate or left it as none. To me, I would have to choose a cert?

    • Typically, when you enable the "SSL Check Peer" option (which essentially tells the BIG-IP to verify the chain of trust of the LDAPS server certificate), then for the "SSL CA Certificate" option, you should select a Root CA certificate / bundle that is able to chain back from the LDAPS server certificate.

      If the SSL certificate on the LDAPS server is signed by a public certificate authority (e.g. Digicert, Sectigo), then you should be able to just select the pre-installed "ca-bundle.crt" (as it contains the root CA certificates of the most popular public CAs). However, if the SSL certificate on the LDAPS server is signed by your own internal CA or is self-signed, then you should upload the corresponding internal Root CA / self-signed certificate to the BIG-IP and then select that for the "SSL CA Certificate" option.
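
One way to confirm, before enabling "SSL Check Peer", that the CA file you plan to select chains to the LDAPS server certificate. This is an added example, not part of the thread and not F5 code. It runs the openssl CLI off-box on throwaway certificates, and the names internal-root, other-root, ldaps-server and the helper functions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: every key and certificate here is throwaway, made in a temp dir.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root CA (stand-in for an internal or an unrelated root)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_leaf NAME CA: server certificate for NAME signed by CA
make_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

# chains_to CA_FILE CERT: exit status 0 if openssl builds a verified chain using CA_FILE
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_ldaps HOST CA_FILE: same check against a live LDAPS listener on port 636
check_ldaps() {
  openssl s_client -connect "$1:636" -CAfile "$2" -verify_return_error \
    </dev/null >/dev/null 2>&1
}

demo() {
  make_ca internal-root && make_ca other-root || return 2
  make_leaf ldaps-server internal-root || return 2
  # A bundle holding several roots, as ca-bundle.crt does for public CAs
  cat "$WORK/other-root.crt" "$WORK/internal-root.crt" > "$WORK/bundle.crt"
  for ca in internal-root other-root bundle; do
    if chains_to "$WORK/$ca.crt" "$WORK/ldaps-server.crt"; then
      echo "$ca.crt: chain verifies"
    else
      echo "$ca.crt: chain does NOT verify"
    fi
  done
}
demo
```

Against a real directory server, `check_ldaps <host> <ca-file>` runs the same verification over the wire and returns non-zero when the chosen CA file does not chain to the certificate the server presents.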