Forum Discussion
NimbostratusSSL bridging without SSL proxy forward
Dear all,
I would like to implement ssl brigding for SMTPS traffic in my organization. In my case, I would like the client devices to receive the certificate configured in clientssl profile.
When adding the serverssl profile to the virtual server, I get an error:
smtps configuration error: SSL forward-proxy must be enabled
Configuring SSL forward-proxy is not a solution for me, because the clients do not accept SMTP server certificates.
Is it possible to configure ssl bridging for SMTPS without configuring SSL forward-proxy or to configure SSL forward-proxy so that client device get the certificate defined in clientssl profile?
If it is real SMTPS then a TCP Virtual server with client side and server side ssl profiles should do the job.
If it is STARTTLS option then see Securing Client-Side and Server-Side SMTP Traffic | DevCentral as there is a link to an irule as F5 without the irule and just SMTP profile supports Client Side SMTP with TLS and not encrypted server side as seen in Securing SMTP Traffic
2 Replies
- Nikoolayy1
MVP
If it is real SMTPS then a TCP Virtual server with client side and server side ssl profiles should do the job.
If it is STARTTLS option then see Securing Client-Side and Server-Side SMTP Traffic | DevCentral as there is a link to an irule as F5 without the irule and just SMTP profile supports Client Side SMTP with TLS and not encrypted server side as seen in Securing SMTP Traffic
- Aswin_mk
Hi maciek
Could you please verify this f5 article -After upgrading to 14.x or later, we get the error ''SSL forward-proxy must be enabled'' when SMTPS and serverssl profiles are both configured
BR
Aswin
