SSL certificate

Question

Hi , 
 May I please know that if you install a certificate on the F5 ltm on the client side , does it mean that you dont need any certificates on the server side at all , if you wish to send the traffic unencrypted on the server side. So are we actually saving on the certificate cost now , since the F5 needs only one cert vs like 3 certs if there were 3 servers&nbsp;
Thanks&nbsp;

dragonflymr · Answer

Hi,&nbsp;
If your are doing SSL Offload (BIG-IP is decrypting traffic from clients and send unencrypted to backend servers) then yes, only certificate you need is one for clientside SSL profile - could be one originally used by your backend server if CN or SAN fields are matching FQDN configured for your Virtual Server IP on BIG-IP.&nbsp;
Piotr&nbsp;

vadim_yakovlev_ · Answer

Exactly. In fact, if you're talking about web servers, and server-side traffic is unencrypted - that is, plain HTTP - there is simply no technology for server to present a certificate, since TLS level is absent.

Forum Discussion

SSL certificate

2 Replies

Recent Discussions

Reverse Proxy Not Behaving

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

Related Content

Thumbprint of the client ssl certificate

Implementing SSL Orchestrator - Certificate Considerations

SSL Certificate Report

Automate Let's Encrypt Certificates on BIG-IP

Re: Management Certificate