Server-side SSL

I usually get certificate error whenever I access any page with self signed certificate, will f5 show similar behaviorif you mean serverssl, no if trusted certificate authorities is configured correctly. the default is none which means f5 will accept server (pool member)'s certificate signed by any ca.

 

 

The Trusted Certificate Authorities setting is optional. This setting is used to specify the CA(s) that BIG-IP trusts when verifying a server certificate. The default value is None, which means the BIG-IP system will accept a server certificate signed by any CA.

 

 

sol11220: Overview of the Server SSL profile

 

http://support.f5.com/kb/en-us/solutions/public/11000/200/sol11220.html

 

 

I just want f5 to recognise the certificate as trusted, could you tell me how can I do this. you have to import ca certificate who signs server (pool member)'s certificate or server certificate itself (in case of self-signed) and set it as trusted certificate authorities.

 

 

hope this helps.

Some suggestions:

 

1. Depending on the security requirements, you may be able to save some cycles by using weaker encryption in the DMZ.
2. Use the longest expiration the security requirements allow. In my experience many organizations purchase certs with a one-year expiration because of financial/budget consideration and/or uncertainty regarding the life span of the web site. Setting the self-signed cert to expire later saves some administrative overhead.
3. Use the same self-signed cert in the DMZ for all VIPs if the security requirements allow it.