SSL profile client

Question

Hi,I have a configuration with VS in https, the backend server carries a certificate, I have configured standard F5 SSL profiles (client/sever), however when the client accesses VS, he has an unsecured connection message in his browser , I think the error would come from the autosigned (defautl) certificate on F5 ? ,&nbsp; how to erase this message, it is constraining for the user.Thanks&nbsp;

ichnafi · Answer

This info can be found pretty easy and is very good explained on f5 websites. Take a look here: https://my.f5.com/manage/s/article/K14620

ichnafi · Answer

If you don't need to terminate a SSL session on the F5 (for example to look into the http headers, manipulate content, oder do some irule shenanigans like url base loadbalaning, you don't neet to do ssl on the f5 at all.

Just use a Performance Layer (Layer 4) type for your VS and the F5 will only do Layer 4 Loadbalancing. You are then a bit of limited in things like load-balancing and persistence. Also TCP optimizations towards client and server are not possible.
Keep in mind, that the VS type will handly traffic differently and you might loose some features.

Overview of all types: https://my.f5.com/manage/s/article/K55185917
Overview of how TCP is handled by the different VS: https://support.f5.com/csp/article/K8082

ichnafi · Answer

Yes, that because of the self signed certificate, that the clients browser gets presentet. You have to deliver a propper certificate and chain for your service.Import a propper certificate and chain on the F5Add the certificate and chain to your client-ssl profile (under&nbsp;Certificate Key Chain)

poseidon1974 · Answer

Hi ,Thanks for your answer,&nbsp;I could import the existing certificate in the server and add it in F5? could you tell me how to do it and what is the procedure?Thanks,&nbsp;&nbsp;

poseidon1974 · Answer

H,Really thanks , so question ,&nbsp;therefore, it is impossible to bypass the error message displayed on the browser without adding a certificate on the F5, is it mandatory? there is no other solution without adding the certificate on the F5, because we already have one on the backend server ?&nbsp;Thanks

Forum Discussion

SSL profile client

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

HTTPS communication and client and server ssl profile

Using iRule to prompt for Client SSL Cert

Configuring Client SSL Profile from TMSH

Need help with SSL handshake failure and client certificates

SSL Profile !EXPORT excludes what exactly?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS