Forum Discussion

Nimbostratus

Apr 03, 2017

Server SSL profile cert authentication behavior

I would like to know the relationship between following 3 items under Server authentication in Server SSL profile: 1> Server Certificate: ignore or require 2>Expire Certificate Response Con...

Cirrocumulus

Apr 03, 2017

1> Server Certificate: ignore or require

Same as in the client ssl profile, requires/ignores the other device to certificate.

2>Expire Certificate Response Control: ignore or drop

If ignore, it will allow connections with expired certificate. If drop, will drop the connection.

3> Untrusted Certificate Response Control: ignore or drop

Same as above, but in case the certificate was not signed by a trusted CA.

If you select ignore for server certificate, does not matter if the certificate has expired or is not trusted, the connection will not fail because certificate.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Server SSL profile cert authentication behavior

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

iControl for Gtm wideip

About F5 idle timeout and keep-alive

Problem with sending BotDefense logs to remote server

OSPF traps on BIG-IP v14

Related Content

SSL Profiles Part 9: Server Authentication

iRules variables in BIG-IP Next: behavior change

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

LTM Authentication Profiles EOL?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS