Forum Discussion
Mike_Harpe_6170
Nimbostratus
NimbostratusSSL on client side only?
I have an application where the user wants the client side to be encrypted and use port 443. They would like the server side to be on port 80 unencrypted. Essentially they want the F5 doing the encryption while the requests to the server are in the clear on port 80. I've haven't done this before.
Environment is BIG-IP LTM version 9.4.8.
Any help appreciated!
Mike Harpe
US Army Human Resources Command
4 Replies
- Chris_Miller
Altostratus
Mike, this is the most standard "SSL termination" setup.
Here's your steps:
1. Configure a pool with your servers listening on port 80
2. Import or create an SSL cert from your LTM.
3. Create a client SSL profile using the ssl key/cert from step 2.
4. Create a Virtual Server listening on port 443 and under client ssl profile, select the one you created in step 3. For "default pool," use the one you created in step 1.
Let me know if you need anything else. 
Mike_Harpe_6170Ok, got it. Just to make sure I understand, if no 'SSL Profile (Server)' is selected then the server side goes to port 80 regardless of the VIP port setting?- Chris_MillerPosted By Mike Harpe on 09/29/2010 05:51 AM
Ok, got it. Just to make sure I understand, if no 'SSL Profile (Server)' is selected then the server side goes to port 80 regardless of the VIP port setting?
Not necessarily...your server-side port is determined by the default pool. Not selecting a server-side ssl profile simply means you aren't re-encrypting the data between LTM and the pool members. - Mike_Harpe_6170Understood. Thank you so much! This helped me out.
