Forum Discussion

Dazzla_20011

Nimbostratus

Mar 25, 2011

Server-side SSL

Hi, Currently we only do client-side SSL on the F5. I've been asked if we can encrypt the traffic from the F5 to web servers. I know the F5 can do server side ssl so just wonderered if some...

config

design

Arie

Altostratus

Jan 20, 2014

Some suggestions:

Depending on the security requirements, you may be able to save some cycles by using weaker encryption in the DMZ.
Use the longest expiration the security requirements allow. In my experience many organizations purchase certs with a one-year expiration because of financial/budget consideration and/or uncertainty regarding the life span of the web site. Setting the self-signed cert to expire later saves some administrative overhead.
Use the same self-signed cert in the DMZ for all VIPs if the security requirements allow it.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Server-side SSL

Recent Discussions

MAC address of deleted VS IP address still responsive

ports are showing open on online scanning tool

how to whitelist new source IP on F5 web UI access

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Related Content

SSL Heartbleed server side iRule

Client-side vs Server-side Load Balancing

Server Side Profile not show the certificate

Atlassian Jira Contact Administrator Server Side Template Injection (CVE-2019-11581)

Dyre presents server-side web injects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS