help with self-signed server-side ssl cert

Question

I am not sure what I am doing wrong trying to get a server ssl cert installed on the BIGIP.  The application requires (ie there is no way to disable) ssl for client connections. I would like to put the BIGIP in front of this app.  So far I have: 
&nbsp;  
&nbsp; Imported the ssl certificate into BIGIP and verified the properties match those displayed in a browser if I connect to the server directly. 
&nbsp; Created a new Server SSL Profile with this certificate (all others defaulted off serverssl profile) 
&nbsp; Attached the new Server SSL Profile to a virtual server with the appropriate pool, etc. 
&nbsp;  
&nbsp; Thank you for any assistance! 
&nbsp;  
&nbsp;  
&nbsp;

tarsier_90410 · Answer

I should have added: 
&nbsp;  
&nbsp; When connecting to the VS, after a delay I get the "connection interrupted" message from Firefox, and "Cannot find server" from IE.

tarsier_90410 · Answer

Sorry all, problem was the server route table, was not set with BIGIP as default.

hooleylist · Answer

Good to hear you got it working.  For future reference, LTM does not try to validate the server SSL certificate with the default server SSL profile.  So you shouldn't need to import/install the cert unless you need to verify the server certificate.  If the server requires LTM send a client cert, then you would need to create a new server SSL profile with the client cert imported and configured. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

help with self-signed server-side ssl cert

3 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Client-side vs Server-side Load Balancing

Server Side Profile not show the certificate

Client side to server side SNI relay iRule

SSL Heartbleed server side iRule

HTTP/2.0 Server-Side Traffic