Using LTM to hide an untrusted certificate

Question

I'm new to F5/LTM, and I'm curious if this is possible.

There's an appliance owned by a external vendor that uses a self-signed certificate. The appliance serves up an HTTPS web page on TCP port 443.

The appliance also has a WebSocket (over TLS) connection on a different port.

I have network access to the appliance, but I'm not allowed to make any changes to its configuration.

Is there a way to have the client computer connect to the F5 with a trusted certificate, then have the F5 direct the request to the appliance without getting a cert error on the client?

The goal is to hide the untrusted certificate from the client. I only want the client to see the trusted certificate that's on the F5.

I want to do this for a secure HTTP connection and a WebSocket connection over TLS.

injeyan_kostas · Accepted Answer

Hello,&nbsp;Yes its totally feasible.You will have to create 2 Virtual server.1 for https and 1 for websocket port.Both will present your valid certificate and reencrypt the traffic before sending it to the appliance.You will also need to apply a websocket profile.

Forum Discussion

Using LTM to hide an untrusted certificate

2 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

AS3 for ASM Policy Creation

Round-robin method not load balanced

F5 BGP Peering in Active /Standby Cluster

Expired client-certificate

F5 AI Roadmap

Related Content

Updating SSL Certificates on BIG-IP using REST API

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS