Forum Discussion

Nfordhk_66801's avatar
Nfordhk_66801
Icon for Nimbostratus rankNimbostratus
Jan 23, 2015

Using ServerSSL Profiles

Hi,   I am interested in using ServerSSL profiles to secure connectivity from the client to the end host but I have some confusions about the process. Right now our setup looks like this:   Two...
application delivery
design
LTM
security
serverssl
ssl
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jan 23, 2015

One simple way to understand how this works is to think like this:

 

1.

 

The end-user connects to F5 as the server, and F5 has to present an SSL certificate to prove its identity to the end-user. You need to do everything right here to offer top security.

 

2.

 

The F5, as a client, connects to the application server, and the application needs to present an SSL certificate to prove its identity to fulfill the requirement of the SSL protocol.

 

There is a lot of flexibility in 2, depending on your security requirement. If all you need is only encrypted traffic, you can just use a self-signed certificate on the application server. The default serverssl profile on F5 is configured to ignore certificate checking.