Forum Discussion
Bernard_9303
Nimbostratus
Feb 03, 2009SharePoint Server with SSL Offloading Configuration Issue
Hi,
I am trying to configure Big-IP for SharePoint SSL offloading. Behind the Big-IP are 2 sharepoint front end servers.
I created the virtual server and pool as per the ...
Ryan_Korock_46
Feb 10, 2009Historic F5 Account
Bernard, as long as the SharePoint servers are configured to use the same hostname as was assigned to the certificate, there is nothing technically* that stops you from putting the same certificate on the BIG-IP and the SharePoint servers. You may not have to do any exporting or cert manipulation do accomplish this.
* I only put this caveat here because it is worth mentioning. Some certificate authorities believe that a certificate is valid only for a single server, and using it for more than one server is a violation of the usage rights. They would like you to purchase a cert for every server. I would read up on the user license that applies to the cert you bought from the CA to find out if this is the case for you or not.
By the way, what is the customer's end goal? It sounds like they do not want to terminate the SSL on the BIG-IP at all, and just load balance the encrypted traffic untouched. Is this the case? If so, you shouldn't need to load the cert on the BIG-IP. The only reason you would want the cert on the BIG-IP & the servers is if you intended to terminate the SSL, and then re-encrypt it before it was sent to the servers. Some customers do this as it gives them the option to inspect the traffic on the BIG-IP, however the traffic is never unencrypted on the wire.
Regards
Ryan
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects