I understand I can have a single serverside profile for the virtual server and I also can select a serverside profile for a specific pool as I do with below rule.
when SERVER_CONNECTED {
switch -glob [LB::server pool] {
"POOL_1" {
SSL::enable serverside
SSL::profile "serverssl_pool1"
}
}
}
What I wondering is. If I have three servers for POOL_1. For a self-signed certificate. This certificate would only work for ssl verification between the f5 and the server that produced the self-signed certificate.
So if I need ssl verification between f5 and the three servers. Then essentially I would have three self-signed server certificates. Would I need to then create three server-side profiles for each self-signed server certificate? and use a irule like below? Is there a easier way?
when SERVER_CONNECTED {
switch -glob [LB::server addr] {
"192.168.1.1" {
SSL::enable serverside
SSL::profile "server1_pool1"
}
"192.168.1.2" {
SSL::enable serverside
SSL::profile "server2_pool1"
}
"192.168.1.3" {
SSL::enable serverside
SSL::profile "server3_pool1"
}
}
}