Forum Discussion
Self Signed cert on Server and external CA cert on F5
- Jun 04, 2018
Hi,
When the backend server is using self signed certificates, you can use the serverssl-insecure-compatible SSL profile on the server side.
This way, the F5 accepts the self signed certificate without the need to import anything on the F5.
Regards, Martijn.
Hi,
When the backend server is using self signed certificates, you can use the serverssl-insecure-compatible SSL profile on the server side.
This way, the F5 accepts the self signed certificate without the need to import anything on the F5.
Regards, Martijn.
- som_86408Jun 04, 2018Nimbostratus
Thanks but as far as I know the server-insecure-compaitable ssl profile is used if weak cypher is used at the server end certificate.
Are you sure that this can be used at the f5 end in case of self signed certificate also? Please confirm.
Thanks.
- Martijn_144688Jun 06, 2018Cirrostratus
Hi,
The best way is to use a valid certificate on the server that suits your security requirements and make sure the F5 accepts (trust) this certificate.
If you use a self signed certificate and you have minimum control on the ciphers being used, the server-insecure-compatible is the best option.
You can create your own server SSL profile (maybe based on the server-insecure-compatible profile) and change the ciphers in Advanced settings.
Martijn
- som_86408Jun 06, 2018Nimbostratus
thanks a lot Martijn.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com