Outbound SSL connections via F5


I have applications that make HTTPS connections to other servers. Is it possible to somehow use Big-IP so that if the servers request a client certificate Big-IP will add it in? Or can the applications make a regular HTTP request to Big-IP and then Big-IP makes the SSL connection out and adds a client certificate if needed?

Best Answer

Yes, it possible to do both of these.

You can configure the SSL connections between the Big-IP and servers with the server ssl profile. It sounds like you would want to specify a certificate (and key) value in the profile that the Big-IP would present to the servers.

Server ssl profiles and Client ssl profiles are configured separately, so it is possible to use regular HTTP (Client SSL profile set to "none") between your application and the load-balancer, and then HTTPS (w/ client certificate) to the servers.

I suggest looking through the SSL section of the BigIP manual: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_ssl_profiles.html for more information.

Related Topic