Forum Discussion

Joshua_Rasnier's avatar
Joshua_Rasnier
Icon for Nimbostratus rankNimbostratus
Oct 17, 2013

serverside certifcate per server

I have a virtual server with a serverside SSL profile. This serverside SSL profile references a self-signed certificate from the end server.   But F5 LTM is a load balancer so what happens when y...
BIG-IP Access Policy Manager (APM)
deployment
security
Joshua_Rasnier's avatar
Joshua_Rasnier
Icon for Nimbostratus rankNimbostratus
Oct 21, 2013

I understand I can have a single serverside profile for the virtual server and I also can select a serverside profile for a specific pool as I do with below rule. 

when SERVER_CONNECTED  {

switch -glob [LB::server pool] {  
"POOL_1" {
    SSL::enable serverside
    SSL::profile "serverssl_pool1"
        } 
    }
}

What I wondering is. If I have three servers for POOL_1. For a self-signed certificate. This certificate would only work for ssl verification between the f5 and the server that produced the self-signed certificate.

So if I need ssl verification between f5 and the three servers. Then essentially I would have three self-signed server certificates. Would I need to then create three server-side profiles for each self-signed server certificate? and use a irule like below? Is there a easier way?

when SERVER_CONNECTED  {

switch -glob [LB::server addr] {  
    "192.168.1.1" {
    SSL::enable serverside
    SSL::profile "server1_pool1"
        } 
    "192.168.1.2" {
    SSL::enable serverside
    SSL::profile "server2_pool1"
        } 
    "192.168.1.3" {
    SSL::enable serverside
    SSL::profile "server3_pool1"
        } 
    }
}

Recent Discussions