Forum Discussion

Ajit
Apr 07, 2016

Server side SSL on F5

Hello Team,

 

I have never configured server side SSL on the F5 in the past. This is my first time.

 

Do I need a certificate & key from the server itself for server SSL, or do I generate a CSR from the F5 & provide it to the server team to provide me certificates in return?

 

How does it work? Also, I have 2 servers in the pool, so do I need certificates from both servers?

 

I am quite confused about server ssl. What should be the URL in the case of server ssl?

 

Thanks in advance!

 

Ajit

 

2 Replies

  • Hi Ajit, the Serverssl profile will help you configure the SSL connection on the server side. The important thing to keep in mind is that on the server side the BIG-IP acts as a client for the backend servers (and so they are able to manage SSL). By default, the default serverssl profile covers 90% of the cases. This changes when you need to present a specific certificate+key to the backend servers or you need to configure SSL forward, for example. I recommend you have a look at this solution article, as it explains the serverssl profiles in detail: https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14806.html

     

  • Hi Ajit, in addition to Daniel's reply.

    If you want to control certificates on server's side you need to go to:

      Local Traffic ›› Profiles : SSL : Server ›› profile_name : Server Authentication Custom : Server Certificate
      put to "require". 
    

    Also you need to choose the appropriate certificate of the issuer CA in the section "Trusted Certificate Authorities". If you set the Server Certificate check to "ignore", be aware only of proper cipher suites between F5 and backend servers.
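
The settings described in the replies above, written as tmsh commands. This is an added example, not part of either reply and not F5's own sample. The profile names, the virtual server name `vs_app_https`, and the CA certificate object `backend_ca.crt` are hypothetical, and the CA certificate is assumed to be imported on the BIG-IP already.

```tmsh
# --- Weak setting -----------------------------------------------------------
# peer-cert-mode ignore: the BIG-IP, acting as the TLS client toward the pool
# members, encrypts the connection but does not validate the certificate the
# backend server presents.
create ltm profile server-ssl serverssl_noverify defaults-from serverssl peer-cert-mode ignore

# --- Corrected setting ------------------------------------------------------
# peer-cert-mode require: the backend server must present a certificate that
# chains to a CA in ca-file (the "Trusted Certificate Authorities" field in
# the GUI). backend_ca.crt is a hypothetical object name for the CA that
# issued the pool members' certificates.
create ltm profile server-ssl serverssl_verify defaults-from serverssl peer-cert-mode require ca-file backend_ca.crt

# Attach the profile to the server side of the virtual server
# (vs_app_https is a hypothetical name).
modify ltm virtual vs_app_https profiles add { serverssl_verify { context serverside } }

# Confirm what the profile will enforce.
list ltm profile server-ssl serverssl_verify peer-cert-mode ca-file
```

With `require` set, a pool member whose certificate was not issued by the trusted CA fails the server-side handshake, so test against every pool member before putting the profile on a production virtual server.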