nerdexam
F5

201 · Question #34

Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the BIGIP.

The correct answer is A. No SSL certificates are required on the BIGIP.. When a virtual server uses a ServerSSL profile, the BIG-IP acts as an SSL client to the backend server, and therefore does not require its own SSL certificates for this function.

Section 2: Configure Load Balancing Features

Question

Assume a virtual server has a ServerSSL profile. What SSL certificates are required on the BIGIP.

Options

  • ANo SSL certificates are required on the BIGIP.
  • BThe BIGIP's SSL certificates must only exist.
  • CThe BIGIP's SSL certificates must be issued from a certificate authority.
  • DThe BIGIP's SSL certificates must be created within the company hosting the BIGIPs.

How the community answered

(47 responses)
  • A
    91% (43)
  • B
    4% (2)
  • C
    2% (1)
  • D
    2% (1)

Why each option

When a virtual server uses a ServerSSL profile, the BIG-IP acts as an SSL client to the backend server, and therefore does not require its own SSL certificates for this function.

ANo SSL certificates are required on the BIGIP.Correct

A ServerSSL profile enables the BIG-IP to re-encrypt traffic before sending it to the backend servers, acting as an SSL client. As a client, the BIG-IP does not need its own SSL certificates; it trusts the server's certificate or performs validation against CAs, but it doesn't present its own certificate unless explicitly configured for client certificate authentication to the server.

BThe BIGIP's SSL certificates must only exist.

The existence of certificates is not a requirement for a ServerSSL profile unless the backend server is configured to demand client certificates from the BIG-IP.

CThe BIGIP's SSL certificates must be issued from a certificate authority.

Requiring CA-issued certificates for the BIG-IP itself is incorrect for a standard ServerSSL profile where the BIG-IP is the client; it validates the server's certificate.

DThe BIGIP's SSL certificates must be created within the company hosting the BIGIPs.

Certificates created within the company are not inherently required for a ServerSSL profile, which primarily handles the SSL handshake with backend servers.

Concept tested: F5 BIG-IP ServerSSL profile certificate requirements

Source: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-14-1-0/1.html

Topics

#ServerSSL profile#SSL certificates#re-encryption

Community Discussion

No community discussion yet for this question.

Full 201 Practice