Forum Discussion

Nimbostratus

Jul 21, 2009

certificate for serverssl

I'm grappling with what it means to have a certificate for a "serverssl" profile, between the F5 Big-IP LTM and the back-end server. (I have a paranoid application owner who wants to do this, and it...

config

design

hooleylist

Cirrostratus

Jul 21, 2009

For server side SSL, LTM will be acting as a client. So the app owner should generate a client cert from his server certificate. You can then install it on LTM. As you guessed, you should configure it for the server SSL profile and for an HTTPS monitor. The health monitor just needs to be assigned to the pool member(s) which you want to monitor--you shouldn't need to configure which LTM self IP addresses use the cert. The requests will be made from each unit's static self IP address to the pool members.

I think the server SSL profile can be configured to validate the CN of the server cert. I don't have a box in front of me to double check this. But you should be able to read the LTM config guide for your version or the online help for details.

Aaron

Forum Discussion

certificate for serverssl

Recent Discussions

F5Access | MacOS Sonoma

Content type hearder charset=UTF-8

Web acceleration

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

Enterprise Security best practices with F5 WAF

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Activate serverssl profile in iRule

Automate Let's Encrypt Certificates on BIG-IP

My Security+ Certification Journey