F5 LB: Decryption and Re-Encryption of Traffic to Application Server
I want to understand how an F5 load balancer decrypts the SSL traffic received from a client, say a browser, and then re-encrypts it before sending/forwarding it to an application server in an enterprise network.

The reason for asking this question is that in our internal network the communication between the load balancer and the application server is secure. Recently we renewed the certificate on the application servers. It was a self-signed certificate. Ideally a client, e.g. the F5 LB, will at least need the root CA of this certificate to be able to trust and communicate with an endpoint like the application server over SSL. This is how I have mostly seen it in all client-server communication over SSL so far. Surprisingly, the F5 LB was able to communicate with the application server over SSL even when there was no root CA present in the trusted store of the F5.

So how is this possible, and how does F5 do the re-encryption of traffic before sending it over a secure network?