SSL Profiles Part 1: Handshakes
Updated Mar 24, 2023
Version 2.0
only if your server requires client certificates to negotiate SSL.
>> how does encryption/decryption happen in the following scenarios?
>> 1- there is no certificate in server ssl profile, there is certificate on the server
Same as no certificate in your client with a certificate on the BIG-IP for offload.
>> 2 - there is certificate in server ssl profile, there is certificate on the server, both the certificates are same
You should not use a server certificate in a client cert role. The server ssl profile is for the BIG-IP as a client to your servers, so you should have a client cert in there.
>> 3 - there is certificate in server ssl profile, there is certificate on the server, both certificates are different.
If there is no certificate on the server, then there is no need to re-encrypt from BIG-IP to the server, and therefore no need for a server ssl profile.
Just for clarification:
Complete Offload (no ssl to server):
client->BIG-IP(client ssl)->server
Offload & Re-encrypt to server:
client->BIG-IP(client ssl)->BIG-IP(server ssl)->server
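
The two flows above expressed as BIG-IP configuration objects. This is an added example and not part of the original reply; the virtual server, pool and profile names, the addresses, and the certificate/key file names are constructed placeholders.

```conf
# Complete offload: TLS terminates on the BIG-IP (client ssl profile only);
# traffic to the pool members is unencrypted.
ltm virtual vs_offload {
    destination 192.0.2.10:443
    ip-protocol tcp
    pool pool_web_http
    profiles {
        clientssl { context clientside }
        http { }
        tcp { }
    }
}

# Offload and re-encrypt: the client ssl profile terminates the client's
# session, the server ssl profile opens a new session to the pool member,
# with the BIG-IP acting as the client in that handshake.
ltm virtual vs_reencrypt {
    destination 192.0.2.11:443
    ip-protocol tcp
    pool pool_web_https
    profiles {
        clientssl { context clientside }
        serverssl_clientauth { context serverside }
        http { }
        tcp { }
    }
}

# A certificate in the server ssl profile is presented by the BIG-IP as a
# client certificate, so it is needed only if the servers require client
# certificates. Otherwise the stock serverssl profile is sufficient.
ltm profile server-ssl serverssl_clientauth {
    defaults-from serverssl
    cert bigip_client_id.crt
    key bigip_client_id.key
}
```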