Forum Discussion
Jun 11, 2019
F5 works as a full-proxy infrastructure, having a client-side (connection between external clients and F5) and a server-side (connection between F5 and the backend server, where F5 takes a role of client).
Taking this into account
1) The Client SSL profile certificate must be upgraded, yes or yes (to avoid TLS errors during customer navigation)
2) The Backend Certificate should be upgraded, but it could be unmodified (because you could modify your server SSL profile to not warn possible TLS errors)
I encourage you to read this doc about server SSL profile
https://support.f5.com/csp/article/K14806
Sections:
- Expire Certificate Response Control
- Untrusted Certificate Response Control
KR,
Dario.