Self-signed certificate at the back end server
Hi,
At the back end server, we are using a self-signed certificate, and the communication between f5 and the back end server should be secure. So do I need to import the root certificate to trust the certificate? Or do I have to import the same certificate and key files which are used on the server into f5 and map them to the server ssl profile in the f5 VIP? Please clarify. Please note that due to some security reason I can't use the insecure server ssl profile.
Thanks, Som
- Renato (Altostratus)
You can use any certificate and key pair in a server ssl profile unless you really want to authenticate the server, which seems not to be the case as you are using self-signed ones.
- Surgeon (Ret. Employee)
On the server side, big-ip is acting as a client. You can answer for yourself "Do I need to install the same certificate and key files in f5 and have to map to the vip"
Answer this question 1st: do you install the server's cert and key in your browser or do you just navigate to e.g.
After that you will be able to answer your 1st question.
As for "I need to install the root certificate of the certificate in f5 if yes then what config I have to do in server ssl profile?"
Do you want to use the server authentication option? If not, then there is no need to install any root CA certs. If yes, then use the next article to know more about the Server SSL profile:
K14806: Overview of the Server SSL profile (11.x - 13.x)
- Renato (Altostratus)
If you really need to authenticate the server you have to upload the CA bundle, with the root certificate and all the required intermediate ones. You don't need any key! After that you have to create a custom server ssl profile setting, in the Server Authentication area, the Server Certificate option as "require" and use your CA bundle as the Trusted Certificate Authorities option. And, finally, use this profile in your virtual server.
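
The trust relationship described in the answer above can be checked on an admin workstation before anything is uploaded. This is an added example, not part of any post in the thread: it assumes the OpenSSL command line is available, uses a constructed hostname and throwaway certificates, and shows general X.509 verification behaviour (a self-signed certificate is its own trust anchor, and the bundle carries no private key), not BIG-IP output.

```shell
#!/bin/sh
# Constructed example: the CN and file names below are placeholders.

# make_selfsigned KEY CERT CN: create a throwaway self-signed certificate.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1" -out "$2" -subj "/CN=$3" >/dev/null 2>&1
}

# trusts BUNDLE CERT: succeed only if CERT verifies against the anchors in BUNDLE.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# has_private_key FILE: succeed if FILE contains PEM private key material.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # The back end server's certificate, and an unrelated one with the same name.
    make_selfsigned "$d/backend.key" "$d/backend.crt" backend.example.test
    make_selfsigned "$d/other.key" "$d/other.crt" backend.example.test

    # The client-side trust bundle is the server certificate only, never the key.
    cp "$d/backend.crt" "$d/trusted-bundle.crt"

    if has_private_key "$d/trusted-bundle.crt"; then
        echo "bundle contains a private key: do not upload it"
    else
        echo "bundle holds certificates only"
    fi
    if trusts "$d/trusted-bundle.crt" "$d/backend.crt"; then
        echo "back end certificate verifies against the bundle"
    fi
    if ! trusts "$d/trusted-bundle.crt" "$d/other.crt"; then
        echo "same-name certificate with a different key is rejected"
    fi
    rm -rf "$d"
}

demo
```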