Forum Discussion
Lee_Sutcliffe
Aug 20, 2018Nacreous
You require a certificate on your backend server when you want to encrypt the communication from the F5 to your backend server. Typically you would have a client SSL certificate too, encrypting communication between the client and the F5. This is commonly known as 'end-to-end encryption'.
You will need to maintain certificates on both your F5 (client-ssl) and separately on your web server.
You can use the server-ssl profile to instruct F5 that the backend is using encryption and to initiate a TSL handshake.
If you don't have certificates on the bankend server, you do not need a server-ssl profile. You would simply terminate SSL on the VIP and send un-encrypted traffic to the backend. This is typically known as 'SSL offload'