Public SSL cert on F5 and Self Signed on Server

Question

Hello Folks,&nbsp;
If planning to implement SSL bridging with external cert installed on F5 and backend server uses self signed, would like to know&nbsp;
1) Will clients get an error while accessing the website ?
2) If not, in which case will client get the error as backend server is using self signed cert &nbsp;
I think that clients will not get error as both side connections will be independent but just trying to understand the different scenarios.&nbsp;

justcoolpoole · Answer

Since F5 acts as a full proxy, the client should only interact with the F5 and the server will only interact with the F5.  The external cert (I'm assuming a CA cert) should be applied on the client-side SSL profile whereas your self-signed will be applied on your server-side SSL profile.  
&nbsp;
It should be that simple.  Hope that helps!&nbsp;

patrik_jonsson · Answer

1) Will clients get an error while accessing the website ? 2) If not, in which case will client get the error as backend server is using self signed cert&nbsp;
No, they won't. By default the F5 does not care about the validity of the server side certificate. The client and server SSL profiles are separate in the configuration. The Client profile is used against, no suprise here, the clients, and the server side profile against the server.&nbsp;
Since the F5 is a full proxy just like Shann_P states above the two sides are handled separately.&nbsp;
/Patrik&nbsp;

Forum Discussion

Public SSL cert on F5 and Self Signed on Server

2 Replies

Recent Discussions

Problems connecting to vpn after upgrading to ubuntu 24.04

How to Match Dynamic URI Segments in AS3

GCP F5 deployment - Active -Active with config Sync

Deleting Old Certs

BUG Query

Related Content

Enriching AFM with public domain Threat Intelligence

SSLO in public cloud: Azure inbound L3 use case

POC: Create and sign a JWT with iRule

F5 High Availability - Public Cloud Guidance

F5 BIG-IP SSLO in public cloud: AWS inbound L3 use case