Forum Discussion
Testimony
Nimbostratus
NimbostratusVIRTUAL SERVER ISSUE
I configured two different pools on different ports (80 and 443). both pools have the same virtual server with it VIP. The pool on port 80 was used as a trial for the project while the pool on 443 wa...
Mayur_Sutare
MVP
MVPHi,
suppose you are accessing VIP on 443 and you have attached 443 pool to it.
- If you want to terminate SSL on web-server (backend server), no need to configure any Client and Server SSL profile on the VIP. Just you need to make sure proper certificate is configured on the server itself. So that certificate will be presented to the client during SSL handshake. This would be SSL pass through for F5.
2. Now if you want to terminate SSL on F5 itself. For this, you need to configure Client SSL and Server
SSL profile on the VIP where 443 Pool will be attached. Client SSL profile will include the actual certificate that will be presented to client during SSL handshake. For Server side SSL, you can simply configure default SSL profile available on F5 i.e. serverssl-insecure-compatible. Client SSL would be used for secure session between client and F5. Server SSL will be used for secure session between F5 and backend web server. This would be SSL bridging.
As per your configuration, you can choose option 1 or 2.
Hope it helps!
Mayur
TestimonyThanks Mayur.
I tried the second option you gave to me and it only worked for the APP server but when i tried it on the web server, all the pool member turns RED only the virtual server turns blue and hence it did not work. Please how do i go about this SSL pass through for F5.? I will appreciate if you can give me the guideline to doing it, i have tried going through it but i couldn't get it done.
Once again, thanks for been there for me always. I will appreciate your swift responses.