Forum Discussion
m1978_295079
Nimbostratus
NimbostratusSsl server profile , server authentication
Hi All, i have a situation where the F5 LTM is setup with a virtual server listening on port 80 from client, load balancing a pool listening on port 443. I have a server ssl profile with default configuration (without any certificate). I can see traffic is encrypting between f5 and pool member. Now server team wants f5 to authenticate the server, but they are not sure what sort of certificate they have to provide to me, so that i can use it in F5 server ssl profile for server authentication ? All they know they got host certificate from CA. Could anyone guide me in this regard ?
Thanks in advance
Narendren_S_658Common name of host certificate will be the server hostname. If you have more than one backend servers it is advisable to use domain certificate instead of host certificate.
For domain certificate, common name will be the domain name registered for your application. Since all the backend servers have the same application and same domain certificate can be used at all the backend_server applications and at F5 server side ssl profile.
If F5 client side is SSL port, there also you can use the same domain certificate.
m1978_295079Thanks for the reply Naren, i will pass this information to our server team. Now in server ssl profile i can see under server authentication , i need to enter authentication name as well and certificate...i beleive next question they will ask me how to get the authentication name ?
You might also want to check out this article on this topic.
https://devcentral.f5.com/articles/ssl-profiles-part-9-server-authentication
It's probably enough to set 'Server Certificate' to 'Require' and upload/select the CA that is to be trusted (the CA that signed the host certificate).
