For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Born_7758's avatar
Born_7758
Icon for Nimbostratus rankNimbostratus
Jun 21, 2011

SSL Offloading

Hello Everyone,

 

 

I am trying to put together an iRule that will terminate a client-to-F5 SSL session and establish an new SSL session for F5-to-server. I am pretty new at this, but here is an iRule I wrote that seems like it would do what I want it to do but I would like to get some input from you guys before I submit it.

 

 

 

when CLIENT_ACCEPTED {

 

SSL::disable clientside

 

SSL::enable serverside

 

}

 

 

 

 

Thanks in advance.

 

 

 

application delivery
dev
devops
iRules

4 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 21, 2011
    Hi Born,

     

     

    You don't need an iRule for this. Just add a client SSL and server SSL profile to the virtual server. You'll want to import the server SSL cert and key and create a custom client SSL profile to do this.

     

     

    Aaron
  • Born_7758's avatar
    Born_7758
    Icon for Nimbostratus rankNimbostratus
    Jun 21, 2011
    Oh okay.

     

     

    If I am given a *.p7b file and a .cer file, which one is used for which? Or are they both used to create the custom clientssl profile?
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 21, 2011
    p7b should be a pkcs7 cert file. cer should be a DER cert and key file. To import the cert(s) and key, convert them to PEM format. You can use openssl on LTM to do this:

     

     

    http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6549.html?sr=150954423

     

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_appendixc_openssl.html?sr=15095454

     

     

    x509 –in cert.der –inform DER –out cert.pem –outform PEM

     

     

    Aaron