08-Feb-2023 05:50
Hi,
I have a configuration with VS in https, the backend server carries a certificate, I have configured standard F5 SSL profiles (client/sever), however when the client accesses VS, he has an unsecured connection message in his browser , I think the error would come from the autosigned (defautl) certificate on F5 ? , how to erase this message, it is constraining for the user.
Thanks
08-Feb-2023 05:57
Yes, that because of the self signed certificate, that the clients browser gets presentet. You have to deliver a propper certificate and chain for your service.
08-Feb-2023 06:04
Hi ,
Thanks for your answer,
I could import the existing certificate in the server and add it in F5? could you tell me how to do it and what is the procedure?
Thanks,
08-Feb-2023 06:20 - edited 08-Feb-2023 06:21
This info can be found pretty easy and is very good explained on f5 websites. Take a look here: https://my.f5.com/manage/s/article/K14620
08-Feb-2023 07:09
H,
Really thanks , so question , therefore, it is impossible to bypass the error message displayed on the browser without adding a certificate on the F5, is it mandatory? there is no other solution without adding the certificate on the F5, because we already have one on the backend server ?
Thanks
08-Feb-2023 07:28 - edited 08-Feb-2023 07:58
If you don't need to terminate a SSL session on the F5 (for example to look into the http headers, manipulate content, oder do some irule shenanigans like url base loadbalaning, you don't neet to do ssl on the f5 at all.
Just use a Performance Layer (Layer 4) type for your VS and the F5 will only do Layer 4 Loadbalancing. You are then a bit of limited in things like load-balancing and persistence. Also TCP optimizations towards client and server are not possible.
Keep in mind, that the VS type will handly traffic differently and you might loose some features.
Overview of all types: https://my.f5.com/manage/s/article/K55185917
Overview of how TCP is handled by the different VS: https://support.f5.com/csp/article/K8082
08-Feb-2023 11:07
Thank you !