Ujwol / Wilja32,
Thank you for your responses, much appreciated. Our enterprise security policy requires that we encrypt all HTTP traffic (SSL everywhere), so our typical setup for a web application looks like this:
1) Client web browser request: https://webapp.company.com:443
2) The F5 LB receives this request but does not terminate the SSL connection (SSL pass-through); it then distributes the request to the destination web servers at: https://web1.company.com:8443 or https://web2.company.com:8443
3) Both web1 and web2 each have a copy of the server certificate for webapp.company.com, so they can terminate/negotiate the SSL handshake with the client.
As you can see, there is only one SSL certificate to encrypt the HTTP traffic at the web server. Based on your response, it looks like the flow below is what it would look like with SPS added into the picture:
1) Client web browser request: https://webapp.company.com:443
2) F5 LB1 receives the request with SSL pass-through, then distributes it to the destination server: https://SPS1.company.com:8443 or https://SPS2.company.com:8443
3) Both SPS1 and SPS2 have a copy of the server certificate for webapp.company.com, and so they do the SSL handshake, initializing the SSL session with the client/browser.
4) SPS then distributes/forwards the traffic to the destination server, F5 LB2: https://lb2.webapp.company.com:8443
5) F5 LB2 does not terminate SSL and passes the request to the destination servers: https://web1.company.com:8443 or https://web2.company.com:8443
6) web1 and web2 each have their own server certificate for LB2.webapp.company.com, so they initiate the SSL handshake with SPS.
Please let me know if this flow is the only way that we can implement SPS with SSL going to SPS and then SSL to the destination servers.
Thanks in advance,
Duc Tran.