SSL Encryption with Default server ssl profile

Question

How does SSL encryption happens with default server ssl profile?
Why does the certificate needs to be the same on LTM and pool members? Can the certificate on client-ssl profile and pool members have the same hostname but different intermediate and root certificate?&nbsp;

rob_carr · Answer

How does SSL encryption happens with default server ssl profile?
&nbsp;This is a really big question, can you perhaps offer a bit more focused question?&nbsp;
Why does the certificate needs to be the same on LTM and pool members?&nbsp;
The certificate configured on an SSL enabled (e.g. has a clientssl profile) does not need to match the certificate configured on the pool members.  It's common to have a commercially signed certificate on the VIP and self-signed certificates on pool members.&nbsp;
Can the certificate on client-ssl profile and pool members have the same hostname but different intermediate and root certificate?
&nbsp;I can't see any reason why not.  The serverssl profile, which controls negotiation of SSL between the BIG-IP and pool members doesn't need a validated certificate on the pool member, it just needs any certificate in order to be able to negotiate a connection.&nbsp;

rob_carr_76748 · Answer

How does SSL encryption happens with default server ssl profile?
&nbsp;This is a really big question, can you perhaps offer a bit more focused question?&nbsp;
Why does the certificate needs to be the same on LTM and pool members?&nbsp;
The certificate configured on an SSL enabled (e.g. has a clientssl profile) does not need to match the certificate configured on the pool members.  It's common to have a commercially signed certificate on the VIP and self-signed certificates on pool members.&nbsp;
Can the certificate on client-ssl profile and pool members have the same hostname but different intermediate and root certificate?
&nbsp;I can't see any reason why not.  The serverssl profile, which controls negotiation of SSL between the BIG-IP and pool members doesn't need a validated certificate on the pool member, it just needs any certificate in order to be able to negotiate a connection.&nbsp;

raghavendrasy · Answer

In simple layman language client SSL profile is encrypting the traffic from end user to virtual server on F5 and server ssl profile is encrypting the traffic from F5 to servers.&nbsp;

Forum Discussion

SSL Encryption with Default server ssl profile

Recent Discussions

SNI Sites not taking correct certificate.

How to Renew F5 Device Certificate

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Load Balancing TCP TLS Encrypted Syslog Messages

Encrypting Cookies

Let's Encrypt on a Big-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS