SSL server profiles - does it validate the certificate?
All, while I have read the KB I am still not clear how much validation the F5 LTM does of SSL certificates on backend servers(i.e. ones in a pool) when using a server SSL profile.
I have a situation where the F5 LTM is setup with a virtual server listening on https/443, load balancing a pool also listening on port 443, however we are terminating the SSL on the F5 to inspect the host header before then re-encrypting and sending on to the right pool (i.e. have a client ssl profile on the front and a server ssl profile on the back).
I have inherited the setup and we are now at the point when the certificates on the servers and the F5 needed to be renewed. Looking at the serverssl profile it has been set with the same cert/key pair that is used on the client SSL, however in chain & trusted cert authorities is set to none - appears the only customisation of the profile from the default serverssl profile is the cert/key.
My question is based on the above is the F5 validating the certificate on the servers in the pool at all, and/or if the certificate on the servers in the pool is not updated, but the one on the f5 server ssl profile is (therefore key/cert pair is no longer the same between the f5 and the server, also will eventually be expired) would this result in the F5 failing to proxy on the traffic?
Thanks in advance