Forum Discussion

som_86408's avatar
som_86408
Icon for Nimbostratus rankNimbostratus
Jun 04, 2018

Self Signed cert on Server and external CA cert on F5

Hi,   In a recent requirement, I have to use SSL encryption in between client to F5 and F5 to back end servers communication. I am familiar with the first one which will be served by external CA ...
application delivery
BIG-IP
LTM
server ssl profile
  • Martijn_144688's avatar
    Martijn_144688
    Jun 04, 2018

    Hi,

     

    When the backend server is using self signed certificates, you can use the serverssl-insecure-compatible SSL profile on the server side.

     

    This way, the F5 accepts the self signed certificate without the need to import anything on the F5.

     

    Regards, Martijn.

     

MvdG's avatar
MvdG
Icon for Cirrus rankCirrus

Hi,

 

When the backend server is using self signed certificates, you can use the serverssl-insecure-compatible SSL profile on the server side.

 

This way, the F5 accepts the self signed certificate without the need to import anything on the F5.

 

Regards, Martijn.

 

MvdG's avatar
MvdG
Icon for Cirrus rankCirrus
Jun 06, 2018

Hi,

 

The best way is to use a valid certificate on the server that suits your security requirements and make sure the F5 accepts (trust) this certificate.

 

If you use a self signed certificate and you have minimum control on the ciphers being used, the server-insecure-compatible is the best option.

 

You can create your own server SSL profile (maybe based on the server-insecure-compatible profile) and change the ciphers in Advanced settings.

 

Martijn