Forum Discussion
uni
Altostratus
The default serverssl profiles do not validate the remote certificate. There is a flag to enable validation. I have many services set up with the default profile, with no certificate specified.
Mike_Maher
Apr 04, 2014Nimbostratus
Setting up a server ssl profile with a certificate and key is not done to validate the certificate on the server in the pool it is done if you are doing 2 way ssl or authentication with a client certificate. When you put a cert and key there you are sending that certificate for authentication, if are all you are doing is standard ssl encryption you don't need to put anything in those fields. If you are looking to have the Big-IP make sure that the certificate on the server is a valid certificate (similar to how a browser validates the server cert) then use the Server Authentication section that you are referring to. Set it to required and set the appropriate action for expired and untrusted certificate.