SSL Encryption with Default server ssl profile

How does SSL encryption happen with the default server SSL profile? Why does the certificate need to be the same on the LTM and the pool members? Can the certificate on the client-ssl profile and the pool members have the same hostname but different intermediate and root certificates?

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

How does SSL encryption happen with the default server SSL profile?
This is a really big question; can you perhaps offer a bit more focused question?

Why does the certificate need to be the same on the LTM and the pool members?
The certificate configured on an SSL-enabled VIP (e.g. one that has a clientssl profile) does not need to match the certificate configured on the pool members. It's common to have a commercially signed certificate on the VIP and self-signed certificates on pool members.

Can the certificate on the client-ssl profile and the pool members have the same hostname but different intermediate and root certificates?
I can't see any reason why not. The serverssl profile, which controls negotiation of SSL between the BIG-IP and pool members, doesn't need a validated certificate on the pool member; it just needs any certificate in order to be able to negotiate a connection.

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

In simple layman's language, the client SSL profile encrypts the traffic from the end user to the virtual server on the F5, and the server SSL profile encrypts the traffic from the F5 to the servers.

0
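The first answer notes that the serverssl profile accepts any pool member certificate. The audit below is an added example (not code from this thread or from F5) that reports which server-ssl profiles in a bigip.conf-style export authenticate the pool member, following `defaults-from` inheritance. The profile names, CA file and hostnames are constructed, and the built-in profile's settings are an assumption.

```python
import re

# Constructed bigip.conf-style sample (not from the page); all names are made up.
SAMPLE_CONF = """
ltm profile server-ssl /Common/app_weak_serverssl {
    defaults-from /Common/serverssl
}
ltm profile server-ssl /Common/app_strict_serverssl {
    defaults-from /Common/serverssl
    peer-cert-mode require
    ca-file /Common/internal-ca.crt
    authenticate-name app.internal.example
}
ltm profile server-ssl /Common/app_child_serverssl {
    defaults-from /Common/app_strict_serverssl
    authenticate-name api.internal.example
}
"""
# Assumption: the built-in parent profile does no pool member validation.
BUILTIN = {"/Common/serverssl": {"peer-cert-mode": "ignore", "ca-file": "none",
                                  "authenticate-name": "none"}}
STANZA = re.compile(r"ltm profile server-ssl (\S+) \{(.*?)\n\}", re.S)
CHECKS = [("peer-cert-mode", lambda v: v == "require", "certificate not required"),
          ("ca-file", lambda v: v != "none", "no CA bundle to validate against"),
          ("authenticate-name", lambda v: v != "none", "certificate name not checked")]

def parse_profiles(conf):
    """Return {profile: {setting: value}} for each server-ssl stanza."""
    profiles = {}
    for name, body in STANZA.findall(conf):
        pairs = (line.strip().partition(" ") for line in body.strip().splitlines())
        profiles[name] = {key: value for key, _, value in pairs}
    return profiles

def effective(name, profiles, seen=()):
    """Resolve settings through defaults-from; a child overrides its parent."""
    if name in BUILTIN:
        return dict(BUILTIN[name])
    if name in seen or name not in profiles:
        return {}  # inheritance loop or unknown parent: nothing inherited
    parent = profiles[name].get("defaults-from", "/Common/serverssl")
    return {**effective(parent, profiles, seen + (name,)), **profiles[name]}

def audit(conf):
    """Map each profile to the reasons its pool member is not authenticated."""
    profiles = parse_profiles(conf)
    return {name: [why for key, ok, why in CHECKS
                   if not ok(effective(name, profiles).get(key, "none"))]
            for name in profiles}
```

An empty list for a profile means the BIG-IP requires a pool member certificate, validates it against a CA bundle and checks its name; any listed reason means the backend connection is encrypted without the pool member being authenticated.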