Forum Discussion

Nimbostratus

Feb 18, 2010

Attaching SSL Certificates

We have forwarding VIP 0.0.0.0 to forward all outbound traffic through the LTM on port 443. Depending on the destination I need to attach a SSL certificate so that the traffic to destination is encryp...

Cirrostratus

Feb 19, 2010

I think you could use a standard (TCP) VIP with a 0.0.0.0/0.0.0.0 or specific host destination. But you'd need an SSL cert/key for each hostname that the client makes a request to, which the client browser accepts as valid. Do you have such a cert? If not, the client would get a mismatched or unchained cert warning from the browser. If you do have such a cert, then with a 0.0.0.0/0.0.0.0 VIP, you could select the client SSL profile based on the destination IP address using an iRule. Or if you do configure a specific VIP for each destination host, you could create a client SSL profile for each cert/key you want to use to decrypt the traffic with.

Aaron

Forum Discussion

Attaching SSL Certificates

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Three Attached Deployment

Thumbprint of the client ssl certificate

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Two Attached Deployment

Implementing SSL Orchestrator - Certificate Considerations

SSL Certificate Report