Forum Discussion
SSL Cert for Passthrough
Will I need to update my SSL certificate with the F5 VIP IPs if I plan to use the F5 to pass through SSL traffic?
Clients will connect to the F5 VIPs but SSL will be handled by the pool members.
6 Replies
- nathe
Cirrocumulus
In that case you won't have a client or server ssl profile on the VIP and you don't need to do anything with the certificates.
N
- dan_k_177224
Nimbostratus
Thanks Nathan. If the F5 uses SNAT, this means the backend pool servers see all connections with a source address of the F5 self IP. Are the backend servers bothered about the source address? I guess not, as the SSL cert is essentially a public key, isn't it? (Apologies for my lack of knowledge, but SSL certs and SSL passthrough are new to me.)
- nathe
Cirrocumulus
"If the F5 uses SNAT, this means the backend pool servers see all connections with a source address of the F5 self IP" - yes, floating (if it exists) takes precedence over the non-floating one. The backend server shouldn't care - this setting will ensure all traffic is returned to the BIG-IP when the server's default gateway is something else.
You'll need an SSL/TLS certificate and key on the backend web server to decrypt the traffic.
Rgds
N
- dan_k_177224
Nimbostratus
The SSL cert exists today but native load balancing isn't working as expected, so the F5s have been asked to provide load balancing with SSL passthrough.
So I think you're saying there should be no changes needed to the SSL certs in use today on clients and backend servers?
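
One way to check the point discussed in this thread, as an added example that is not part of the original posts or F5's own tooling: fetch the certificate presented through the VIP and directly from each pool member, then compare SHA-256 fingerprints. The site name, addresses and function names are hypothetical placeholders.

```python
import hashlib
import socket
import ssl


def fetch_leaf_der(addr, port, server_name, timeout=5.0):
    """Return the DER-encoded leaf certificate presented at addr:port."""
    ctx = ssl.create_default_context()
    # Fetch-only context: this compares what each endpoint presents and
    # makes no trust decision, so chain and hostname checks are disabled.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fp(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def compare_vip_to_members(vip_der, member_ders):
    """Report which pool members present the same certificate as the VIP."""
    vip_fp = sha256_fp(vip_der)
    matching = sorted(name for name, der in member_ders.items()
                      if sha256_fp(der) == vip_fp)
    return {"vip_sha256": vip_fp,
            "matching_members": matching,
            "same_cert_via_vip": bool(matching)}


if __name__ == "__main__":
    # Placeholders (assumptions): replace with your own site name and addresses.
    SITE = "www.example.com"
    VIP = "192.0.2.10"
    MEMBERS = {"member1": "192.0.2.21", "member2": "192.0.2.22"}
    vip_der = fetch_leaf_der(VIP, 443, SITE)
    member_ders = {n: fetch_leaf_der(a, 443, SITE) for n, a in MEMBERS.items()}
    print(compare_vip_to_members(vip_der, member_ders))
```

A matching fingerprint means clients reaching the VIP are presented the same certificate the pool members already serve.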