NimbostratusHi Everyone,
Could you please let me know if we can use the client certificate which we used in client profile for Server profile as well . If not ,then why we should not use it .
Thanks ,
Mohammad.
Yes, of course you could use it.
The common idea with SSL profiles is to use a certificate signed by a public CA in the client side and to use a selfsigned certificate (or signed by an internal CA) in the server side. This will help you to save money.
Actually, I would only pay for a certificate signed by a public CA in client side and when this service is exposed to internet...
KR,
Dario.
NimbostratusHi Dario,
Thanks for the quick answer . But I have a one more question , are there any conditions for the server SSL for having the certificate and key in it . Or it is just another kind of client certificate between server --f5 LTM.
Thanks ,
Mohammad.
A server SSL profile is the way you have to configure TLS communication between F5-Backend (remember that the TLS communication is iniciated in the client with a TLS Hello message).
This communication could be established only using one certificate-key in your backend server or using a certificate-key in both sides (F5 server-side and backend server).
For this reason, you can have a server SSL profile using certficate-key or not.
# list ltm profile server-ssl serverssl { cert key }
ltm profile server-ssl serverssl {
cert none
key none
}
# list ltm profile server-ssl serverssl-test { cert key }
ltm profile server-ssl serverssl-test {
cert mycert_test.crt
key mycert_test.key
}There is no specific considerations in your Server SSL configuration.
KR,
Dario.