Applies To:
Show VersionsBIG-IP AAM
- 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP APM
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP Analytics
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP Link Controller
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP LTM
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP AFM
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP PEM
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP DNS
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
BIG-IP ASM
- 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
Managing Client-Side HTTP Traffic Using a Self-Signed RSA Certificate
Overview: Managing client-side HTTP traffic using a self-signed RSA certificate
This implementation uses an RSA self-signed certificate to authenticate HTTP traffic. When you want to manage HTTP traffic over SSL, you can configure the BIG-IP® system to perform the SSL handshake that target web servers typically perform.
A common way to configure the BIG-IP system is to enable client-side SSL, which makes it possible for the system to decrypt client requests before forwarding them to a server, and to encrypt server responses before returning them to the client. In this case, you need to install only one SSL key/certificate pair on the BIG-IP system.
Task summary
To implement client-side authentication using HTTP and SSL with a self-signed certificate, you perform a few basic configuration tasks.
Task list
Creating a self-signed RSA certificate
Creating a custom HTTP profile
Creating a custom Client SSL profile
Creating a pool to process HTTP traffic
Creating a virtual server for client-side HTTP traffic
Implementation result
After you complete the tasks in this implementation, the BIG-IP® system can authenticate and decrypt HTTP traffic coming from a client system, using an RSA self-signed certificate. The BIG-IP system can also re-encrypt server responses before sending them back to the client.