explanation on SSL virtual Server

Noctilucent

Mar 20, 2014

The client SSL profile should contain the backend server certificate and key, so as to have the LTM behave as if it is the server (unknown to the client). In most cases, the default SSL server profile can be used.

When you had only the SSL client profile applied, you were essentially offloading the SSL at the LTM. Communications between the client and LTM were SSL encrypted, but the LTM was sending traffic to the backend server without SSL.

When you had only the SSL server profile applied, the LTM was not accepting SSL connections from the client, but would talk SSL to the backend server.

By applying both the client and SSL server profiles, you essentially created SSL from end to end. The exception being your LTM terminated the SSL, proxied the session, and then re-encrypted it to the backend server.

Proxy SSL is a configuration used to preserve any type of client certificate presentation for authentication to the backend server. If you don't need any client certificate based authentication, then you won't need to use this feature.

Forum Discussion

explanation on SSL virtual Server

Recent Discussions

Converting config to DO

iRule resulting in too many redirects

Wildcard SSL Certificate Deployment on F5 LTM

URL

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

Related Content

Tmsh command - virtual address list vs virtual server IP list (discrepancy)

LDAPS account interception through Virtual Server - Is it possible

Block Active-Sync on Virtual Server

Script to find virtual servers with connection mirroring enabled

I can't create a virtual server on f5