In this Lightboard Post of the Week, I answer a few questions about SSL/https on Virtual Servers. BIG-IP being a default deny, full proxy device, it’s important to configure specific ports, like 443, to accept https traffic along with client and server side profiles and include your SSL certificates. We cover things like SAN/SNI certificates but I failed to mention that self-signed certificates are bad anywhere except for testing or on the server side of the connection.
Posted Questions on DevCentral:
- https on virtual server
- LINKING SSL CERTIFICATE TO A VIRTUAL SERVER
- SSL CERTIFICATE KEY
- Maximum number of client SSL profiles per virtual server?
- Need to support thousands of unique SSL certificates on a single VIP
This is a Security Bloggers Network syndicated blog post authored by psilva. Read the original post at: psilva's prophecies