Forum Discussion
Chris_Miller
Jan 12, 2011Altostratus
Posted By fujisen on 01/12/2011 07:57 AM
thanks,
I understand SSL client Cert is required on https VIP, to use same irule but can the pool memebers listen on port 443? or it should be on 80
If you want encryption between the LTM and Pool Member (over 443,) then you'll need a serverSSL profile in addition to the clientSSL profile.
Think of it like this:
1. Client Request hits LTM over HTTPS.
2. LTM uses the ClientSSL profile to decrypt the traffic so it can view the request.
3. If sending to the pool member over HTTPS, LTM uses the ServerSSL profile to re-encrypt the traffic (and decrypt it on the way back)