Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

server SSL Profile setting

Amr_Ali
Cirrostratus
Cirrostratus

‎04-May-2023 11:30

In the Server SSL profile we have under The Server Authentication section of the Server SSL profile ( server certificate )

and the default action is ignore, my question here is what is mean  ignore,  is the F5 will ignore any certificate installed on web server ,

Labels:
4 REPLIES 4

AlanMoen
Cirrus
Cirrus

‎04-May-2023 12:07

It means that the LTM client will not check the validity of the server cert, just that it's there. It won't break things if the cert expires, for example.

Amr_Ali
Cirrostratus
Cirrostratus
In response to AlanMoen

‎04-May-2023 12:21

Do you mean her when the LTM acts as a client during the connection between it and the back-end web server, it accepts any certificate sent from the server even if expired

0 Kudos

AlanMoen
Cirrus
Cirrus
In response to Amr_Ali

‎04-May-2023 12:24

Yes. I found this by accident when one of my AD teams let their server certs expire but the LTM kept chugging along. I'm kinda surprised it's the default setting and I've changed that in my environment for security reasons.

JRahm
Community Manager
Community Manager
In response to Amr_Ali

‎05-May-2023 06:44

@AlanMoen is correct here, just adding the references for others to the Server SSL Profile details covered in knowledge article K14806.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
Copyright © 2023 Khoros, LLC