F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Martin_Smith_58's avatar
Martin_Smith_58
Icon for Nimbostratus rankNimbostratus
Oct 19, 2012

Regular SSL/TLS for user connections to the LTM, with SNI support from LTM to the real webservers?

Hi there --   We have a client base that we truly can't force to support TLS SNI for HTTP traffic. However, we'd like to limit the number of IPs we put on our backend webservers. I'm wondering if ...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Oct 20, 2012
sorry i might be lost. i understand serverssl profile by default does not verify server's certificate. so, why do you need SNI on server-side connection? and what certificate/key are you going to put in clientssl profile??

 

 

The Trusted Certificate Authorities setting is optional. This setting is used to specify the CAs that the BIG-IP system trusts when verifying a server certificate. The default value is None, which means the BIG-IP system will accept a server certificate signed by any CA.sol11220: Overview of the Server SSL profile

 

http://support.f5.com/kb/en-us/solutions/public/11000/200/sol11220.html