Forum Discussion

Cirrostratus

Apr 09, 2019

SSL Cert need to import at Server Side as well when Only Client SSL configured at F5 ?

hello all , i am doing cert renew task for one of my clients application. for that I created the csr from F5 and provided to other team and in return they provided me the SSL Cert with Public K...

application delivery

LTM

youssef1

Cumulonimbus

Apr 09, 2019

Hi,

to summarize you have a backend server that listens in HTTP. so you do offload ssl on F5. your question is completely legitimate.

some application listens on 2 different ports http and https. for security reasons the application owner restricts HTTP access to force the user to use the https port.

the reasons can be mutltiples:

the access to the service passes through the F5 https securely. then in http on the backend server for optimization reasons (knowing that using the https consumes resources).
since they have a service that listens in HTTPs. they want to have a valid certificate even if the service is not used (in case of migration on the https port they will already be ready on their side ...)

in your case you should exchange with the application owner to offer him to do ssl bridge (ssl from client to F5 then re-encrypt from f5 to backend, in order to enhance security).

Keep me in touch if you need more help.

regards

Forum Discussion

SSL Cert need to import at Server Side as well when Only Client SSL configured at F5 ?

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

ASM policy Import/Export.

How can I configure Server SSL Profiles to connect to different URLs on the same server?

TMUI / Configuration WebUI - TLS/SSL Configuration - ECDHE

Migrate configuration from physical LTM to virtual

ASM Guided configuration is missing