Applies To:
BIG-IP LTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Managing Client-side HTTP Traffic Using a CA-Signed Elliptic Curve DSA Certificate
Overview: Managing client-side HTTP traffic using a CA-signed, ECC-based certificate
When you configure the BIG-IP® system to decrypt client-side HTTP requests and encrypt the server responses, you can optionally configure the BIG-IP system to use the Elliptic Curve Digital Signature Algorithm (ECDSA) as part of the BIG-IP system's certificate key chain. The result is that the BIG-IP system performs the SSL handshake usually performed by target web servers, using an ECDSA key type in the certificate key chain.
This particular implementation uses a certificate signed by a certificate authority (CA).
Task summary
To implement client-side authentication using HTTP and SSL with a certificate signed by a certificate authority, you perform a few basic configuration tasks.
Task list
- Requesting a signed certificate that includes an ECDSA key
- Creating a custom HTTP profile
- Creating a custom Client SSL profile
- Creating a pool to process HTTP traffic
- Creating a virtual server for client-side HTTP traffic
Implementation results
After you complete the tasks in this implementation, the BIG-IP® system encrypts client-side ingress HTTP traffic using an SSL certificate key chain. The BIG-IP system also re-encrypts server responses before sending the responses back to the client.
The certificate in the certificate key chain includes an Elliptic Curve Digital Signature Algorithm (ECDSA) key and certificate.
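Before the CA-signed certificate and its key go into the certificate key chain, it is worth confirming that the certificate carries an EC public key and that it matches the private key the request was generated from. The script below is an added example using the OpenSSL command line, not F5's own procedure; the file names, the subject, and the self-signed certificate that stands in for the CA-issued one are constructed for the demo.

```shell
#!/bin/sh
# Added example: check a certificate/key pair before importing it for use in a
# Client SSL profile's certificate key chain. Paths and subject are constructed.

# Print "ecdsa" if the certificate's subject public key is an EC key.
cert_key_type() {
  if openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'id-ecPublicKey'; then
    echo ecdsa
  else
    echo other
  fi
}

# Print "match" if the certificate contains the public half of the private key.
cert_matches_key() {
  cmk_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || cmk_cert=unreadable-cert
  cmk_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || cmk_key=unreadable-key
  if [ "$cmk_cert" = "$cmk_key" ]; then echo match; else echo mismatch; fi
}

# Combine both checks into one verdict for a certificate/key pair.
check_pair() {
  if [ "$(cert_key_type "$1")" != ecdsa ]; then
    echo "reject: certificate key is not ECDSA"
  elif [ "$(cert_matches_key "$1" "$2")" != match ]; then
    echo "reject: certificate does not match private key"
  else
    echo "ok"
  fi
}

# Build a constructed P-256 key and a self-signed certificate that stands in
# for the CA-issued one, so the demo runs offline.
make_demo_pair() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key" 2>/dev/null
  openssl req -new -x509 -key "$1/ec.key" -subj "/CN=www.example.test" \
    -days 1 -out "$1/ec.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
echo "demo pair: $(check_pair "$demo_dir/ec.crt" "$demo_dir/ec.key")"
rm -rf "$demo_dir"
```

For a real deployment, call `check_pair` with the certificate returned by the CA and the key file that produced the request.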