For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

basemsousan1985's avatar
basemsousan1985
Icon for Nimbostratus rankNimbostratus
Dec 29, 2016

SSL Bridging issue

Hi Guys,   Actually, I am new regarding to SSL operations.   I am going to create a Virtual Server which will plays SSL bridging between the clients and the nodes,   between the Virtual...
application delivery
BIG-IP
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Dec 29, 2016

You specifically asked about the server SSL profile. In the server side SSL handshake, where the BIG-IP is the client, the server will send its certificate. The default behavior of the server SSL profile is to ignore any validation errors, so you can simply just use a generic server SSL profile. You can, optionally, require the server SSL profile to validate the web server's certificate, in which case you'd need to add a CA bundle to that profile and set the appropriate options in the Server Authentication section of the profile.

 

But again, you shouldn't normally have to do any of this. The default behavior is to ignore validation errors, so a generic (unmodified) server SSL profile will usually do just fine.