Forum Discussion
former_newbie
Nimbostratus
Nimbostratuswhere would the cert for Profile SSL (server) come from
We're putting together an LTM config where we're deploying SSL bridging and have received a signed cert from the CA for the Profile SSL (client). Should the cert for the Profile SSL (server) be comin...
wlopez
Cirrocumulus
CirrocumulusBigIP works as a full proxy.
That means client side connections are independent from server side connections.
When you configure ssl bridging, the clientssl profile handles the encryption between the users and the virtual server. Thus the settings on that profile are what the users see, with the BigIP's virtual server acting as the server. Whatever settings you put into the clientssl profile (Certificate, Key, Chain, encryption protocols, ciphers, etc.) only affect the side the client sees.
On the server side the BigIP acts as an ssl client to the encryption configured on the servers included on the pool. Unless you have a very particular/specific need, you can just assign the default serverssl profile to the virtual server. If you need to tighten up server side encryption, you can always create a new custom serverssl profile based on the default one, adjust whatever settings you need, and assign it to the virtual server, replacing the default one.
Hope that helps.