Forum Discussion
SSL Certificate
Can we use the same SSL certificate in both the client SSL profile and the server SSL profile?
What are the advantages of using the same SSL certificate in both profiles?
And what are the disadvantages of not using the same SSL certificate in both?
2 Replies
Hi,
Yes, F5 allows it. If the backend server expects the same certificate or trusts only a specific certificate (mutual trust), using the same one might make sense.
The main advantage is a simple trust model: if the backend server does SSL verification and only trusts specific certs, using the same cert can make things easy. Also, if mutual TLS is required, the same certificate (or CA chain) may help streamline it.
The main disadvantage: it's generally not best practice to reuse the same cert between public-facing and internal services. Separation reduces attack surface.
Always using different certificates is best practice.
BR
Aswin

Injeyan_Kostas
Nacreous
Hello Rajasekhar_M ,
You definitely can use the same certificate for both the client SSL profile and the server SSL profile.
The question is, what are you trying to achieve?
Client SSL is the certificate F5 will present to the user or the system in front of it, while Server SSL is the one F5 will use to do the SSL handshake with the backend server. So it depends on what your server is expecting. Does it need mTLS, and if yes, what certs does it trust?
That said, it doesn't really matter which you use in the Server SSL profile if there is no need for mTLS, since F5 is the one initiating the connection, and it will just need to trust the server’s certificate, not necessarily present one.
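
The two cases discussed in the replies, sketched as BIG-IP profile stanzas in the form `tmsh list ltm profile ...` prints them. This is an added example, not part of either reply or of F5's documentation; every object name (`public_site`, `internal_ca.crt`, `bigip_backend_client`, `backend.internal.example`) is a placeholder, and the `#` lines are annotations.

```tmsh
# Client SSL profile: the certificate BIG-IP presents to clients in front of it.
ltm profile client-ssl app_clientssl {
    defaults-from clientssl
    cert-key-chain {
        public_site {
            cert public_site.crt
            key public_site.key
            chain public_ca_chain.crt
        }
    }
}

# Server SSL profile when the backend does NOT require mTLS:
# BIG-IP presents no certificate and only validates the backend's certificate.
ltm profile server-ssl app_serverssl_verify_only {
    defaults-from serverssl
    cert none
    key none
    ca-file internal_ca.crt
    peer-cert-mode require
    authenticate-name backend.internal.example
}

# Server SSL profile when the backend DOES require mTLS:
# BIG-IP presents a dedicated internal certificate rather than reusing
# public_site.crt, so the public key pair is not also the backend credential.
ltm profile server-ssl app_serverssl_mtls {
    defaults-from serverssl
    cert bigip_backend_client.crt
    key bigip_backend_client.key
    ca-file internal_ca.crt
    peer-cert-mode require
    authenticate-name backend.internal.example
}
```

Reusing the same certificate would mean pointing `cert` and `key` in the last stanza at `public_site.crt` and `public_site.key`; the backend then has to trust the public-facing certificate as a client credential.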