Applies To:
Show VersionsBIG-IP AAM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP APM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP GTM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP Link Controller
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP Analytics
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP LTM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP AFM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP PEM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
BIG-IP ASM
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Securing HTTP Traffic Using a Self-signed Certificate with an Elliptic Curve DSA Key
Overview: Managing client-side HTTP traffic using a self-signed, ECC-based certificate
When you configure the BIG-IP® system to decrypt client-side HTTP requests and encrypt the server responses, you can optionally configure the BIG-IP system to use an Elliptic Curve Digital Signature Algorithm (ECDSA) key for authentication as part of the BIG-IP system's certificate key chain. Using elliptic curve cryptography (ECC), an ECDSA key creates a digital signature that allows the system to verify the authenticity of data without compromising its security. The result is that the BIG-IP system performs the SSL handshake, usually performed by target web servers, using an ECDSA key type in the certificate key chain.
This particular implementation uses a self-signed certificate.
Task summary
To implement client-side authentication using HTTP and SSL with a self-signed certificate, you perform a few basic configuration tasks.
Task list
Creating a self-signed SSL certificate
Creating a custom HTTP profile
Creating a custom Client SSL profile
Creating a pool to process HTTP traffic
Creating a virtual server for client-side HTTPS traffic
Implementation results
After you complete the tasks in this implementation, the BIG-IP® system authenticates and encrypts client-side ingress HTTP traffic using an SSL certificate key chain. The BIG-IP system also re-encrypts server responses before sending the responses back to the client.
The certificate in the certificate key chain includes an Elliptic Curve Digital Signature Algorithm (ECDSA) key as the authentication mechanism.