Professional Documents
Culture Documents
SSL Processing
www.routehub.net
• Advantages:
• Offload SSL processing from web servers
• Encryption and Decryption done in BIG-IP hardware.
• Requires only one certificate to be installed on the BIG-IP
Use Case for SSL Termination
• Requirements:
• Client to stay connected to same server in pool
• Setting up Persistence using HTTP cookie
• Problems:
• HTTP cookie resides in the application data which is encrypted in a HTTPS/SSL
session
• Solution:
• Implement SSL termination and then enable Persistence using HTTP cookie
Steps for Implementation
• Certificate:
• Self-Signed (development use)
• Public Certificate from Trusted Certificate Authority (production use)
• Keys:
• Private Key: responsible for decrypting data
• Public Key: responsible for encrypting data
• Other Steps:
• SSL Client Profile
• Profile associated to Virtual Server
Hardware Considerations for SSL TPS
• Check hardware for max Transactions per second (TPS) for SSL
processing
Server-Side Security
• To provide encryption with servers in a server pool (pool member)
• Increase workload on BIG-IP