For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rpalacios_79340's avatar
rpalacios_79340
Icon for Altostratus rankAltostratus
May 19, 2009

Terminating SSL on F5.

Hello guys,     I read that you can use the F5 to offload SSL certificate-verification tasks from client and server systems.     I have a few questions about this configuration; ...
config
design
James_Quinby_46's avatar
James_Quinby_46
Historic F5 Account
May 19, 2009
1. Not painful at all. You'd need a virtual server listening on port 443, and then assign an SSL profile to it which referenced the certificate and key.

 

 

 

2. SSL is offloaded to hardware on the F5, which means that it's a whole lot faster. Plus, all the certs and keys are in one place which is a lot easier to manage.

 

 

3. To terminate SSL between the LTM and the browser, you need the serverssl profile. Use the clientssl profile if you want to renegotiate SSL between the LTM and the webserver.

 

 

4. They can be imported. If your webserver can export a PKCS certficate, this SOL:

 

 

https://support.f5.com/kb/en-us/solutions/public/2000/300/sol2323a.html

 

 

...walks you through the PEM conversion process.

 

 

Hope this helps,

 

 

JQ