Server Certificate Configuration..????

Question

I am configuring complete encryption for my traffic as shown below. The url configured in the DNS is myaccess.com which loadbalance to server1.com:8443 and server2.com:8443. &nbsp;
client browser --&gt; F5 LTM --&gt; Servers&nbsp;
I am using client certificate to offload SSL on F5 and do i need a saparate server certficate for F5 to pool members? Is this certificate created using server hostnames or the VIP url?&nbsp;
I am bit confused  now and can somebody help me with this?&nbsp;
Regards,&nbsp;

afedden_1985 · Answer

For end to end SSL, Your VIP would listen on port 443 and will need a HTTP profile and a SSL Profile (Client) profile with the ssl certificate and key for the VIP. To re-encrypt just add a SSL Profile (Server) called serverssl. This will re-encrypt the traffic sent to the pool members over port 8443 if you added the port to the pool members. The Servers will need to be HTTPs enabled and be listening on port 8443 and would need their own ssl certificates.

Forum Discussion

Server Certificate Configuration..????

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Certificate Expiry Email alert configuration

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS