Hi,
suppose you are accessing VIP on 443 and you have attached 443 pool to it.
- If you want to terminate SSL on web-server (backend server), no need to configure any Client and Server SSL profile on the VIP. Just you need to make sure proper certificate is configured on the server itself. So that certificate will be presented to the client during SSL handshake. This would be SSL pass through for F5.
2. Now if you want to terminate SSL on F5 itself. For this, you need to configure Client SSL and Server
SSL profile on the VIP where 443 Pool will be attached. Client SSL profile will include the actual certificate that will be presented to client during SSL handshake. For Server side SSL, you can simply configure default SSL profile available on F5 i.e. serverssl-insecure-compatible. Client SSL would be used for secure session between client and F5. Server SSL will be used for secure session between F5 and backend web server. This would be SSL bridging.
As per your configuration, you can choose option 1 or 2.
Hope it helps!
Mayur