SSL Profiles Part 1: Handshakes
This is the first in a series of tech tips on the F5 BIG-IP LTM SSL profiles.
SSL Overview and Handshake
SSL Certificates
Certificate Chain Implementation
Cipher Suites
SSL Options
SSL...
Updated Mar 24, 2023
Version 2.0
JRahm
Admin
Joined January 20, 2005
JRahm
Admin
Apr 15, 2014
>> I have a question... In the case where both client and server ssl profiles are enabled, do we need a certificate in the server ssl profile?
Only if your server requires client certificates to negotiate SSL.
>> How does encryption/decryption happen in the following scenarios?
>> 1 - There is no certificate in server ssl profile, there is certificate on the server
Same as no certificate in your client with a certificate on the BIG-IP for offload.
>> 2 - There is certificate in server ssl profile, there is certificate on the server, both the certificates are same
You should not use a server certificate in a client cert role. The server ssl profile is for the BIG-IP as a client to your servers, so you should have a client cert in there.
>> 3 - There is certificate in server ssl profile, there is certificate on the server, both certificates are different.
If there is no certificate on the server, then there is no need to re-encrypt from BIG-IP to the server, and therefore no need for a server ssl profile.
Just for clarification:
Complete Offload (no ssl to server):
client->BIG-IP(client ssl)->server
Offload & Re-encrypt to server:
client->BIG-IP(client ssl)->BIG-IP(server ssl)->server
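
The two topologies from the comment above, as an added configuration sketch in bigip.conf (tmsh) syntax; it is not part of the original post or article. Virtual server, pool and profile names, the addresses, and the client certificate and key file names are constructed placeholders, and the built-in `clientssl` and `serverssl` profiles stand in for site-specific ones.

```tmsh
# Constructed example: names, addresses and file names are placeholders.

# 1) Complete offload: client -> BIG-IP (client ssl) -> server.
#    No server ssl profile, so traffic to the pool is unencrypted.
ltm virtual vs_offload {
    destination 192.0.2.10:443
    ip-protocol tcp
    pool pool_plain_80
    profiles {
        clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
}

# 2) Offload and re-encrypt: a server ssl profile is added on the serverside,
#    so BIG-IP acts as an SSL client to the pool members.
ltm virtual vs_reencrypt {
    destination 192.0.2.11:443
    ip-protocol tcp
    pool pool_ssl_443
    profiles {
        clientssl {
            context clientside
        }
        serverssl {
            context serverside
        }
        http { }
        tcp { }
    }
}

# 3) Only when the servers require client certificates: give the server ssl
#    profile a client certificate and key for BIG-IP to present.
ltm profile server-ssl serverssl_client_auth {
    defaults-from serverssl
    cert bigip_client.crt
    key bigip_client.key
}
```

To use the third profile, reference `serverssl_client_auth` in place of `serverssl` in `vs_reencrypt`.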