Forum Discussion
Thanks for this information, Stephan. I was not aware of this either. I will read through the link you provided and get this implemented.
However, based on the standard configuration of our VIPs on the BigIP (that I listed in my last reply), are we still doing end-to-end encryption? I am concerned because currently we don't add the self-signed certificate to the BIG-IP's "Trusted Certificate Authorities". And from what Rodrigo_Albuque mentioned, it means that the self-signed cert is not trusted. Therefore, is our traffic from the BigIP to our Pool members secure?
I guess you haven't activated the setting Server Authentication : Server Certificate == require in your serverssl profile, so the ca-bundle.crt in the Trusted Certificate Authorities setting will simply be ignored.
It would be required to add the self-signed server certificates to a certificate bundle and use it in Trusted Certificate Authorities. If you now modify Server Authentication : Server Certificate from "ignore" (default) to "require", you should be safe.
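
Added example, not written by the thread's participants or by F5: a Python check over constructed bigip.conf-style stanzas that flags server-ssl profiles in the state discussed above, where the server certificate check is left at ignore and any configured bundle has no effect. The stanza layout, profile names and bundle path are assumptions; `peer-cert-mode` and `ca-file` are the tmsh property names for Server Certificate and Trusted Certificate Authorities, and `defaults-from` inheritance is not resolved.

```python
import re

# Constructed sample in bigip.conf stanza style (assumed layout, not from the thread).
SAMPLE_CONF = """\
ltm profile server-ssl /Common/serverssl_default_like {
    defaults-from /Common/serverssl
}
ltm profile server-ssl /Common/serverssl_bundle_only {
    ca-file /Common/pool-selfsigned-bundle.crt
    defaults-from /Common/serverssl
}
ltm profile server-ssl /Common/serverssl_verified {
    ca-file /Common/pool-selfsigned-bundle.crt
    defaults-from /Common/serverssl
    peer-cert-mode require
}
"""

# One stanza: header line, indented body, closing brace at column 0.
STANZA = re.compile(r"^ltm profile server-ssl (\S+) \{\n(.*?)^\}", re.M | re.S)


def audit_server_ssl(conf_text):
    """Return {profile_name: [findings]} for profiles that skip server cert checks."""
    report = {}
    for name, body in STANZA.findall(conf_text):
        props = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2:
                props[parts[0]] = parts[1].strip()
        # Simplification: a key absent from the stanza is treated as its default
        # ("ignore" per the thread); defaults-from inheritance is not resolved.
        mode = props.get("peer-cert-mode", "ignore")
        ca_file = props.get("ca-file", "none")
        findings = []
        if mode != "require":
            findings.append("peer-cert-mode is '%s': pool member certificate is not verified" % mode)
            if ca_file != "none":
                findings.append("ca-file %s is configured but ignored" % ca_file)
        elif ca_file == "none":
            findings.append("peer-cert-mode is 'require' but no ca-file is set in this stanza")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for profile, findings in audit_server_ssl(SAMPLE_CONF).items():
        for finding in findings:
            print(profile + ": " + finding)
```
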