Forum Discussion
som_86408
Nimbostratus
NimbostratusSelf Signed cert on Server and external CA cert on F5
Hi,
In a recent requirement, I have to use SSL encryption in between client to F5 and F5 to back end servers communication.
I am familiar with the first one which will be served by external CA ...
Hi,
When the backend server is using self signed certificates, you can use the serverssl-insecure-compatible SSL profile on the server side.
This way, the F5 accepts the self signed certificate without the need to import anything on the F5.
Regards, Martijn.
MvdG
Cirrus
CirrusHi,
When the backend server is using self signed certificates, you can use the serverssl-insecure-compatible SSL profile on the server side.
This way, the F5 accepts the self signed certificate without the need to import anything on the F5.
Regards, Martijn.
som_86408Thanks but as far as I know the server-insecure-compaitable ssl profile is used if weak cypher is used at the server end certificate.
Are you sure that this can be used at the f5 end in case of self signed certificate also? Please confirm.
Thanks.
- MvdG
Hi,
The best way is to use a valid certificate on the server that suits your security requirements and make sure the F5 accepts (trust) this certificate.
If you use a self signed certificate and you have minimum control on the ciphers being used, the server-insecure-compatible is the best option.
You can create your own server SSL profile (maybe based on the server-insecure-compatible profile) and change the ciphers in Advanced settings.
Martijn
- som_86408
thanks a lot Martijn.