Forum Discussion

Nityanand
Mar 30, 2010

SSL Client to Server communication in Detail

Hi,

I have been trying to understand how SSL works and how the certificate & key get validated. Could you please provide me any good document which has step-by-step communication between client -> Bigip -> server? Please.

Thanks

Nityanand

1 Reply

  • Hi Nityanand,

    I can give you some general information on clientside and/or serverside SSL. There are a lot of options for client and/or server SSL. But I think it would be easier if you gave more detail on what you'd like to implement.

    If you pass the SSL through unencrypted, LTM does no validation of the client or server certificates. If you decrypt the SSL with a client SSL cert, by default, LTM does no validation of any certificate the client provides. LTM can optionally request or require a client certificate using a client SSL profile or a client SSL profile and an iRule. LTM can validate this client cert against a CA certificate that you import and specify. If you have a license for it, LTM can validate a client cert against a remote server like OCSP, LDAP, AD, etc.

    By default for a server SSL profile, LTM does no validation of the server's SSL certificate. However, LTM can validate the cert against a CA certificate that you import and specify.

    For details on the Client SSL profile options, you can check SOL10167 and/or the LTM config guide for your version:

    SOL10167: Overview of the ClientSSL profile

    https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

    Aaron
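
The certificate validation settings described in the reply above, written as tmsh commands with the default behaviour noted beside the validating setting. This is an added example, not part of the original reply or F5's documentation; it assumes the tmsh syntax of BIG-IP v11 and later, and the profile names, CA file names and server name are hypothetical.

```tmsh
# --- Client side: client -> BIG-IP (client SSL profile) ---
# Default: peer-cert-mode ignore, so any certificate the client
# presents is not validated.
# Hardened: require a client certificate and validate it against an
# imported CA bundle (client_trust_ca.crt is a hypothetical name).
create ltm profile client-ssl clientssl_require_cert defaults-from clientssl ca-file client_trust_ca.crt peer-cert-mode require

# --- Server side: BIG-IP -> server (server SSL profile) ---
# Default: peer-cert-mode ignore, so the server's certificate is
# accepted without validation.
# Hardened: validate the server certificate against an imported CA
# bundle and check the name in the certificate
# (backend_trust_ca.crt and app.example.internal are hypothetical).
create ltm profile server-ssl serverssl_verify defaults-from serverssl ca-file backend_trust_ca.crt peer-cert-mode require authenticate-name app.example.internal

# Confirm what each profile will actually enforce.
list ltm profile client-ssl clientssl_require_cert peer-cert-mode ca-file
list ltm profile server-ssl serverssl_verify peer-cert-mode ca-file authenticate-name
```

Setting `peer-cert-mode request` on the client SSL profile asks for a client certificate without making it mandatory, which corresponds to the "optionally request" case in the reply.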