For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Subrun's avatar
Subrun
Icon for Cirrostratus rankCirrostratus
Apr 09, 2019

SSL Cert need to import at Server Side as well when Only Client SSL configured at F5 ?

hello all ,   i am doing cert renew task for one of my clients application. for that I created the csr from F5 and provided to other team and in return they provided me the SSL Cert with Public K...
application delivery
LTM
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Apr 09, 2019

Hi,

 

to summarize you have a backend server that listens in HTTP. so you do offload ssl on F5. your question is completely legitimate.

 

some application listens on 2 different ports http and https. for security reasons the application owner restricts HTTP access to force the user to use the https port.

 

the reasons can be mutltiples:

 

  • the access to the service passes through the F5 https securely. then in http on the backend server for optimization reasons (knowing that using the https consumes resources).
  • since they have a service that listens in HTTPs. they want to have a valid certificate even if the service is not used (in case of migration on the https port they will already be ready on their side ...)

in your case you should exchange with the application owner to offer him to do ssl bridge (ssl from client to F5 then re-encrypt from f5 to backend, in order to enhance security).

 

Keep me in touch if you need more help.

 

regards