Implementing external cryptographic server offload
Hi All,
Need your assistance in setting up crypto offload/Keyless SSL between two Bigip.
I got a PDF for set up but it does not explain everything .
https://support.f5.com/content/kb/en-us/products/big-ip_ltm/manuals/product/bigip-cryptographic-offload-implementation-11-6-0/_jcr_content/pdfAttach/download/file.res/BIG-IP_System__External_Cryptographic_Server_Offload_Implementation.pdf
Steps i followed : 1. Create VIP to which client will connect , it will have client-ssl as it will be offloading SSL from backend servers . But what i need to provide in cert and key i guess this should be publiec cert of the website user is trying to access , i tried to just put cert as key for decryption will be in other crypto server BIGIP .But you cannot do this , key needs to be mentioned along with cert in profile.
- Create server ssl profile and assign it to crypto client created with IP and port which i have opened in destination BIGIP . IP used is management address.
3.Then in destination created clientssl profile and assigned it to crypto server .
But it is not working , please if someone has implemented it , can share your views .
Best Regards