Forum Discussion
ozdemircili_696
Nimbostratus
NimbostratusSSL Certificates
Hi,
Is there any way to use F5 ssl certificates to server our customers without buying a external ssl certificate?
We need to encrypt the comunication between out clients > F5 > Weblogic servers.
Thank you.
6 Replies
hoolioCirrostratus
You could use a self signed cert generated on LTM or any other host in the client SSL profile. But the clients must have the root or server cert installed in their trusted certificate authority store or they'll get an untrusted cert warning.
Aaron
rpalacios_79340Altostratus
Hello Oz,
You will need to purchase them from your preferred vendor and install them directly onto the F5. From that point on the F5 will be terminating SSL requests.
Please refer to chapter nine on the configuration guide for the instructions.
-rp
ozdemircili_696Hi,
Thanks for the answers. Ill go ahead and have a look at the configuration guide.
Best!- ozdemircili_696Hi,
Just one more thing I need to ask. Let me give you a quick schema of the network:
user enters to www.domain.com using browser > user connects to F5 > F5 load balances the traffic between 2 weblogic servers.
In this case DO I need to have 2 certificates for each server or with just one certificat that I will import to F5 (www.domain.com) will be enough?
We need to encrypt the traffic between the client and F5 not necessarily the traffic between F5 and weblogic servers.
Thank you.
- rpalacios_79340Hey oz,
You just need one SSL cert for all servers participating in the pool. This is the best part about centralizing your SSL certs onto the F5. It is easier to manage, reduces cost and it also offers a more robust environment.
-rp - ozdemircili_696Great! Thanks.
