https end to end
- Mar 30, 2021
If your company security policy does not allow F5 to decrypt and re-encrypt the traffic before sending it to the backend servers, then you will need to configure SSL and the certifications on the backend server itself as there will be no SSL sessions between F5 and the server (pass-through scenario, see here:, in other words F5 will not participate in the SSL process.
However, the number of certificates you need is not relative to which scenario you are using, as it depends on the number of domains you are publishing not on the number of servers you are using, e.g if your domain is and it's served by five servers then you only need to buy one cert and deploy it to the five servers if using the pass-through setup. But if SSL is terminated on F5 you'll only need to deploy the cert on F5 and use self-signed certs between F5 and the five servers.
Hop that helps