Forum Discussion

rs
Sep 24, 2020

Server SSL profile F5 query

Hi Team,

Just want to check: if we have a pool member server listening on port 443 and the VIP on port 80, then the connection between F5 and the pool member server would be encrypted and client to F5 would be unencrypted.

My query is that if we use a Server SSL profile, then F5 acts as a client and the server presents its certificate to F5. However, I noticed that in the Server SSL profile the server certificate option is selected as none, which means F5 does not try to verify whether the certificate presented by the server is expired or valid. However, at the same time the expire and untrusted response control is selected as drop.

If the server presents a non-valid certificate to F5, in that case I believe F5 will not try to verify the server certificate, as the default option is selected as none. However, will the untrusted or expire response control cause any issue with it or not?

The expire and untrusted response control drop option is active only when we change the server certificate option to require.

Please check and provide the answer to this query.

1 Reply

  • Yes, this works.

    The default serverssl profile with server certificate ignore will pretty much allow all certificates.
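
Added example, not part of the original thread and not F5's own configuration: the server-certificate setting discussed above, shown in tmsh with the permissive value beside a verifying one. The profile names, the CA bundle name `internal-ca-example.crt` and the host name `app.example.internal` are hypothetical placeholders, and the CA bundle is assumed to be already imported on the BIG-IP.

```tmsh
# Show the settings the thread is about on the built-in profile.
# In the GUI these are "Server Certificate", "Expire Certificate Response
# Control" and "Untrusted Certificate Response Control".
list ltm profile server-ssl serverssl peer-cert-mode expire-cert-response-control untrusted-cert-response-control

# Permissive (the behaviour described in the reply): with peer-cert-mode
# ignore the pool member's certificate is not verified, so the traffic is
# encrypted but the server's identity is not checked.
# Profile name is a hypothetical placeholder.
create ltm profile server-ssl serverssl_noverify_example defaults-from serverssl peer-cert-mode ignore

# Verifying: require a certificate that chains to a trusted CA and whose
# name matches the expected server, and drop the connection when the
# certificate is expired or untrusted.
# Profile name, CA bundle and host name are hypothetical placeholders.
create ltm profile server-ssl serverssl_verify_example defaults-from serverssl peer-cert-mode require ca-file internal-ca-example.crt authenticate-name app.example.internal expire-cert-response-control drop untrusted-cert-response-control drop

# Confirm what the new profile will enforce before attaching it to a virtual server.
list ltm profile server-ssl serverssl_verify_example peer-cert-mode ca-file authenticate-name expire-cert-response-control untrusted-cert-response-control
```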