Manual Chapter : Configuring SSL with mirroring

Applies To:

  • BIG-IP ASM

    21.0.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0

back-action Connection Mirroring With ASM

Updated Date: 04/15/2026

Configuring SSL with mirroring

You need to create an SSL certificate and custom SSL profile for secure communications between the two mirrored devices.

  1. Enable sys db:

    • tmsh modify sys db statemirror.secure value enable
    • tmsh modify sys db statemirror.verify value enable

  2. On the Main tab, click System > Certificate Management > Traffic Certificate Management > SSL Certificate List and create a new SSL certificate.

    Standard SSL certificates are not supported for this feature.

  3. On the Main tab, click Local Traffic > Profiles > SSL > Server. The SSL Server profile list screen opens. Create a new SSL profile with the created SSL certificate and with “Cache Size” = 0.

    See the BIG-IP System: SSL Administration Guide for more information on creating a custom SSL profile.