Forum Discussion
MW1
Cirrus
CirrusSSL server profiles - does it validate the certificate?
All,
while I have read the KB I am still not clear how much validation the F5 LTM does of SSL certificates on backend servers(i.e. ones in a pool) when using a server SSL profile.
I have a sit...
uni_87886
Cirrostratus
CirrostratusThe default serverssl profiles do not validate the remote certificate. There is a flag to enable validation. I have many services set up with the default profile, with no certificate specified.
Mike_Maher
Nimbostratus
NimbostratusSetting up a server ssl profile with a certificate and key is not done to validate the certificate on the server in the pool it is done if you are doing 2 way ssl or authentication with a client certificate. When you put a cert and key there you are sending that certificate for authentication, if are all you are doing is standard ssl encryption you don't need to put anything in those fields. If you are looking to have the Big-IP make sure that the certificate on the server is a valid certificate (similar to how a browser validates the server cert) then use the Server Authentication section that you are referring to. Set it to required and set the appropriate action for expired and untrusted certificate.
