Forum Discussion

newbief5_162606's avatar
newbief5_162606
Icon for Cirrus rankCirrus
Aug 09, 2016

SSL server vs client profile

What is the difference between assigning SSL Server and SSL Client profiles? In my current LTM, I have a lot of SSL certificates, but only a few are defined to SSL Client profiles- whereas only 1 or ...
BIG-IP
LTM
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Aug 09, 2016

you have to look at these from a big-ip point of view, like this:

client side - [client ssl profile ] - big-ip - [server ssl profile ] - server side

the users (clients) are on the client side, their connection is handled by the client ssl profile

the pool members (your actual (web) servers) are on the server side, their connection from the big-ip is handled by the server ssl profile.

so where do certificates matter the most, that is the client side, so in the client ssl profile, that is the certificate that you will see in the browser (for https servers).

unused certificates (so which aren't used in a client or server ssl profile) can be deleted if you are sure they aren't needed any more. on the other side, they don't really hurt you unless you got insane amounts. if they are used you can not delete them.