Applies To:
BIG-IP AAM
- 12.1.0
BIG-IP APM
- 12.1.0
BIG-IP Link Controller
- 12.1.0
BIG-IP Analytics
- 12.1.0
BIG-IP LTM
- 12.1.0
BIG-IP PEM
- 12.1.0
BIG-IP AFM
- 12.1.0
BIG-IP DNS
- 12.1.0
BIG-IP ASM
- 12.1.0
Managing Client-Side HTTP Traffic Using a Self-Signed Elliptic Curve DSA Certificate
Overview: Managing client-side HTTP traffic using a self-signed, ECC-based certificate
When you configure the BIG-IP® system to decrypt client-side HTTP requests and encrypt the server responses, you can optionally configure the BIG-IP system to use the Elliptic Curve Digital Signature Algorithm (ECDSA) as part of the BIG-IP system's certificate key chain. The result is that the BIG-IP system performs the SSL handshake, usually performed by target web servers, using an ECDSA key type in the certificate key chain.
This particular implementation uses a self-signed certificate.
Task summary
To implement client-side authentication using HTTP and SSL with a self-signed certificate, you perform a few basic configuration tasks.
Task list
Creating a self-signed SSL certificate
Creating a custom HTTP profile
Creating a custom Client SSL profile
Creating a pool to process HTTP traffic
Creating a virtual server for client-side HTTP traffic
Implementation results
After you complete the tasks in this implementation, the BIG-IP® system encrypts client-side ingress HTTP traffic using an SSL certificate key chain. The BIG-IP system also re-encrypts server responses before sending the responses back to the client.
The certificate key chain includes an Elliptic Curve Digital Signature Algorithm (ECDSA) key and certificate.
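One way to confirm off-box that a key and certificate pair really is a self-signed ECDSA pair before it goes into a Client SSL profile's certificate key chain. This is an added example using the OpenSSL command line, not part of the F5 documentation; the file names, the subject name, and the prime256v1 (P-256) curve are assumptions.

```shell
#!/bin/sh
# Added example, not from the F5 manual. Assumes the openssl CLI is installed.
# File names, the subject CN and the prime256v1 curve are constructed sample values.

# Generate an EC private key and a self-signed certificate for it.
# usage: make_selfsigned_ec <key.pem> <cert.pem> <common-name>
make_selfsigned_ec() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null &&
  openssl req -new -x509 -key "$1" -sha256 -days 365 -subj "/CN=$3" -out "$2" 2>/dev/null
}

# Print "ok" only if the certificate carries an EC public key, names itself
# as issuer, and its public key matches the supplied private key.
# Otherwise print the first failed check and return non-zero.
# usage: check_ec_chain <key.pem> <cert.pem>
check_ec_chain() {
  ck_text=$(openssl x509 -in "$2" -noout -text 2>/dev/null) || { echo "unreadable"; return 1; }
  printf '%s\n' "$ck_text" | grep -q 'Public Key Algorithm: id-ecPublicKey' \
    || { echo "not-ec"; return 1; }
  ck_subj=$(openssl x509 -in "$2" -noout -subject | sed 's/^subject= *//')
  ck_iss=$(openssl x509 -in "$2" -noout -issuer | sed 's/^issuer= *//')
  [ "$ck_subj" = "$ck_iss" ] || { echo "not-self-signed"; return 1; }
  # A key/certificate mismatch is what makes the TLS handshake fail after import.
  ck_cpub=$(openssl x509 -in "$2" -noout -pubkey)
  ck_kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  [ "$ck_cpub" = "$ck_kpub" ] || { echo "key-mismatch"; return 1; }
  echo "ok"
}

# Demo on a constructed pair in a temporary directory.
demo_dir=$(mktemp -d)
make_selfsigned_ec "$demo_dir/ec.key" "$demo_dir/ec.crt" "www.example.test" &&
  check_ec_chain "$demo_dir/ec.key" "$demo_dir/ec.crt"
rm -rf "$demo_dir"
```

The same `check_ec_chain` call can be pointed at a key and certificate exported from the system to confirm that the key type in the chain is ECDSA rather than RSA.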