Forum Discussion

Dazzla_20011's avatar
Dazzla_20011
Icon for Nimbostratus rankNimbostratus
Mar 25, 2011

Server-side SSL

Hi,     Currently we only do client-side SSL on the F5. I've been asked if we can encrypt the traffic from the F5 to web servers. I know the F5 can do server side ssl so just wonderered if some...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Oct 18, 2011
I usually get certificate error whenever I access any page with self signed certificate, will f5 show similar behaviorif you mean serverssl, no if trusted certificate authorities is configured correctly. the default is none which means f5 will accept server (pool member)'s certificate signed by any ca.

 

 

The Trusted Certificate Authorities setting is optional. This setting is used to specify the CA(s) that BIG-IP trusts when verifying a server certificate. The default value is None, which means the BIG-IP system will accept a server certificate signed by any CA.

 

 

sol11220: Overview of the Server SSL profile

 

http://support.f5.com/kb/en-us/solutions/public/11000/200/sol11220.html

 

 

I just want f5 to recognise the certificate as trusted, could you tell me how can I do this. you have to import ca certificate who signs server (pool member)'s certificate or server certificate itself (in case of self-signed) and set it as trusted certificate authorities.

 

 

hope this helps.