Forum Discussion
Stephane_Viau
Feb 20, 2019Nimbostratus
There are multiple ways to do that on the Big-IP, but in most cases you probably want the valid certificate and its matching private key on the Big-IP, and then you can have a valid or self-signed certificate and its matching private key on the backend server.
Encryption between the client and the Big-IP will use the certificate hosted on the Big-IP, and encryption between the Big-IP and the backend server will be done using the certificate on the backend server. In this scenario the Big-IP acts both as a server and a client.