Hello all, kinda new to certs but trying to find out if installing the cert on the F5 must also be installed on the iis servers. So if I have 2 iis webservers both hosting the same website(example.com), currently both being load-balanced and monitored by the F5. I generated a CSR on the F5 for example.com and sent to CA. I got back the cert from CA and I threw the key, the cert and the intermediate cert on the SSL client profile, then I put the cert and key on the SSL server profile. I followed these steps based on F5 articles
- If I install the cert chain on the SSL client profile and SSL server profile like I mentioned above, does this mean that the F5 is now doing full SSL offloading? where the traffic is not encrypted between the F5 and server?
- Do I also need to install the certs on the webserver if my intention is to do SSL offloading? based on what I'm reading online, it seems I do not need to do so, but can't be sure. I'm attempting to take as much work away from the servers as I can.
- Let's say I have changed our internal dns to point exmaple.com to my VIP and If my servers were not ready to accept connections just yet, but I have installed the SSL client/server profiles, can I somehow see the certificate from a browser if I try to hit the VIP in the browser. I understand that the servers can't deliver any content because they are not ready yet, but could I view the cert on a browswer since it is at least installed on the F5?
No comments:
Post a Comment