Forum Discussion
uni_87886
Apr 04, 2014Cirrostratus
The default serverssl profiles do not validate the remote certificate. There is a flag to enable validation. I have many services set up with the default profile, with no certificate specified.
- MW1Apr 04, 2014CirrusBy flag to enable validation is it your understanding that this is the Server Authentication section of the profile -> Server Certificate field drop down box of "ignore" or "required" ?
- Mike_MaherApr 04, 2014NimbostratusSetting up a server ssl profile with a certificate and key is not done to validate the certificate on the server in the pool it is done if you are doing 2 way ssl or authentication with a client certificate. When you put a cert and key there you are sending that certificate for authentication, if are all you are doing is standard ssl encryption you don't need to put anything in those fields. If you are looking to have the Big-IP make sure that the certificate on the server is a valid certificate (similar to how a browser validates the server cert) then use the Server Authentication section that you are referring to. Set it to required and set the appropriate action for expired and untrusted certificate.