SSL bridging

When SSL bridging is configured, the load balancer (LB) decrypts the HTTPS traffic and then re-encrypts it before sending it on to the application servers.

For a system that uses SSL bridging, associate the system virtual server with both a client SSL/TLS profile and a server SSL/TLS profile.

The Client SSL/TLS profile is used for clients connecting to the LB, and should be associated with a certificate that includes the entire CA chain, and has the LB name in its Certificate Subject Name.

The Server SSL/TLS profile is used when the LB is connecting to the Application Servers using HTTPS, and does not need to be associated with a certificate. It is needed, however, to make sure that the LB trusts the root CA that signed the Application Servers' certificates.
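The two requirements above (a client-side certificate that carries the whole chain and names the LB, and a server-side trust store that anchors the application servers' certificates) can be checked with OpenSSL before the files are loaded into the profiles. This is an added example, not part of the original documentation or of any F5 tooling. It builds a constructed three-tier PKI in a temporary directory; the host name lb.example.test, all subjects and all file names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: every subject, host name and file name here is constructed.

csr() {        # csr NAME CN: new key NAME.key and request NAME.csr
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -subj "/CN=$2" -out "$1.csr" 2>/dev/null
}
selfsign() {   # selfsign NAME: self-signed CA certificate NAME.pem
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile ca.ext -days 2 -out "$1.pem" 2>/dev/null
}
issue() {      # issue NAME ISSUER EXTFILE: NAME.pem signed by ISSUER
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
}
make_pki() {   # make_pki LBNAME: root -> intermediate -> LB leaf, plus an unrelated root
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  # The leaf carries the LB name in the subject CN and, as modern clients expect, in the SAN.
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$1" > leaf.ext
  csr root "Constructed Root CA";    selfsign root
  csr other "Unrelated Root CA";     selfsign other
  csr int "Constructed Issuing CA";  issue int root ca.ext
  csr lb "$1";                       issue lb int leaf.ext
  cat lb.pem int.pem > full.pem      # leaf followed by the intermediate
}

# check_client_profile BUNDLE ROOT LBNAME
# BUNDLE is what the client SSL profile would present (leaf first). Succeeds only if a
# client that trusts nothing but ROOT can build the chain and the leaf names LBNAME.
check_client_profile() {
  openssl verify -CAfile "$2" -untrusted "$1" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# check_server_profile TRUSTED_CA SERVER_CHAIN
# TRUSTED_CA is the CA file given to the server SSL profile; SERVER_CHAIN is what an
# application server presents. Succeeds only if the LB's trust store anchors that chain.
check_server_profile() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

report() { label=$1; shift; if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fi; }

work=$(mktemp -d) && cd "$work" || exit 1
make_pki lb.example.test
# full.pem also stands in for an application server's chain in the server-side checks.
report "client: full chain, right name" check_client_profile full.pem root.pem lb.example.test
report "client: leaf only, no chain"    check_client_profile lb.pem   root.pem lb.example.test
report "client: wrong LB name"          check_client_profile full.pem root.pem lb2.example.test
report "server: LB trusts signing root" check_server_profile root.pem  full.pem
report "server: LB trusts other root"   check_server_profile other.pem full.pem
```

Only the first and fourth checks pass; the other three are the misconfigurations that the two profile requirements are meant to rule out.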

Example: SSL Client Profile

This example shows how to configure an SSL client profile on the F5 BIG-IP LTM.

  • The Client SSL/TLS profile is configured for clients connecting to the LB.

    Configure the SSL client profile