2.2. Deploy Basic HTTPS ADC Service

Note

From this point on the guide will use an abbreviated version of the previous instructions. Please complete the initial deployment of each task as instructed. You are then free to modify values and experiment as needed.

2.2.1. Deploy HTTPS Service (auto-created Client-SSL profile and SNAT pool)

  1. Create a new deployment with the following values:

    Field Name Value
    Name Lab2.2
    Template appsvcs_integration_v2.0.003
    Virtual Server: Address 10.1.20.12
    Virtual Server: Port 443
    Pool: Pool Table
    • Row 1:
      • Index: 0
      • Monitor(s): 0
    Pool: Members
    • Row 1:
      • Pool Idx: 0
      • IP/Node Name: 10.1.10.100
      • Port: 80
    • Row 2:
      • Pool Idx: 0
      • IP/Node Name: 10.1.10.101
      • Port: 80
    Monitor: Monitor Table
    • Row 1:
      • Index: 0
      • Name: /Common/http
    Virtual Server: Client-side L4 Protocol Profile /Common/tcp-wan-optimized
    Virtual Server: Server-side L4 Protocol Profile /Common/tcp-lan-optimized
    Virtual Server: HTTP Profile /Common/http
    Virtual Server: SNAT Configuration create:10.1.10.250,10.1.10.251

    Note

    This is the first example of the Advanced Options & Create String Syntax (AppSvcsiApp_datamodel_createadvopt.html).
    This value will create a SNAT pool with two IPs in it.
    Virtual Server: Client SSL Certificate /Common/default.crt
    Virtual Server: Client SSL Key /Common/default.key
    Virtual Server: Client SSL Certificate Chain /Common/ca-bundle.crt

  2. Review the deployed configuration using the iApp Components view and deployment log

    • The deployment used the default SSL key/cert pair on the device. In a real-world deployment you would import your cert/key pair into the Common partition and reference the name(s) in the Virtual Server: Client SSL Certificate and Virtual Server: Client SSL Key fields.
    • A port 80 -> 443 redirect was created automatically due to an L4-7 Functionality feature of the iApp. We will review this functionality in subsequent labs.
    • After about 1 minute click the ‘Properties’ button. Notice all the statistics we are now tracking. This is another L4-7 feature we will review later.

Note

You can also use the value ‘auto’ in the ‘Virtual Server: Client SSL Certificate’ and ‘Virtual Server: Client SSL Key’ fields. With ‘auto’, the iApp looks for a Certificate and/or Key on the system with the same name as the iApp deployment. For example, in this lab the system would look for ‘/Common/Lab2.2.crt’ and/or ‘/Common/Lab2.2.key’. This feature is included to allow for automated deployment when a separate process is used to populate Crypto objects (e.g. Network HSM, scripting, PKI solutions, etc.).
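The certificate, key and SNAT values used in this lab can be checked before a deployment is submitted. The following is an added example, not part of the original guide or the iApp: a small lint that expands ‘auto’ as the note describes, flags the device default pair, and parses only the create:<ip>,<ip> form shown in step 1. The inventory set, the pool-member collision check and all function names are assumptions of the example.

```python
import ipaddress

CERT = "Virtual Server: Client SSL Certificate"
KEY = "Virtual Server: Client SSL Key"
SNAT = "Virtual Server: SNAT Configuration"
DEVICE_DEFAULTS = {"/Common/default.crt", "/Common/default.key"}

def resolve_auto(value, deployment, suffix):
    """Expand 'auto' to /Common/<deployment name><suffix>, per the note above."""
    return f"/Common/{deployment}{suffix}" if value == "auto" else value

def parse_snat_create(value):
    """Parse only the 'create:<ip>,<ip>,...' form used in this lab."""
    prefix = "create:"
    if not value.startswith(prefix):
        raise ValueError(f"not a create string: {value!r}")
    # ip_address() raises ValueError on anything that is not a valid address
    return [ipaddress.ip_address(a.strip()) for a in value[len(prefix):].split(",")]

def lint(deployment, fields, inventory, pool_members):
    """Return findings for one deployment; an empty list means nothing flagged."""
    findings = []
    for field, suffix in ((CERT, ".crt"), (KEY, ".key")):
        name = resolve_auto(fields.get(field, ""), deployment, suffix)
        if name in DEVICE_DEFAULTS:
            findings.append(f"{field}: {name} is the device default pair")
        elif name and name not in inventory:
            findings.append(f"{field}: {name} not present on the system")
    snat = fields.get(SNAT, "")
    if snat.startswith("create:"):
        try:
            addrs = parse_snat_create(snat)
        except ValueError as exc:
            return findings + [f"{SNAT}: {exc}"]
        if len(set(addrs)) != len(addrs):
            findings.append(f"{SNAT}: duplicate address")
        # Assumption of this example: a SNAT address equal to a pool member is a conflict
        clashes = set(addrs) & {ipaddress.ip_address(m) for m in pool_members}
        for clash in sorted(clashes, key=str):
            findings.append(f"{SNAT}: {clash} is also a pool member")
    return findings

# Constructed inputs: field values from step 1, plus an assumed object inventory.
MEMBERS = ["10.1.10.100", "10.1.10.101"]
INVENTORY = {"/Common/default.crt", "/Common/default.key", "/Common/Lab2.2.crt"}
LAB = {CERT: "/Common/default.crt", KEY: "/Common/default.key",
       SNAT: "create:10.1.10.250,10.1.10.251"}
AUTO = {CERT: "auto", KEY: "auto", SNAT: "create:10.1.10.250,10.1.10.100"}

if __name__ == "__main__":
    for label, fields in (("lab values", LAB), ("auto values", AUTO)):
        print(label, lint("Lab2.2", fields, INVENTORY, MEMBERS))
```

With the constructed inventory, the lab values are flagged twice for using the default pair, and the ‘auto’ values are flagged for the missing /Common/Lab2.2.key and for the SNAT address that collides with a pool member.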

2.2.2. Modify to reference an existing Client-SSL profile

  1. Click iApps -> Application Services -> Lab2.2 -> Reconfigure

  2. Modify the following values and click ‘Finished’:

    Field Name Value
    Virtual Server: Client SSL Profile /Common/clientssl
    Virtual Server: Client SSL Certificate <remove the value>
    Virtual Server: Client SSL Key <remove the value>

  3. Review the deployed config. It should now reference the /Common/clientssl profile. The previously created client-ssl profile was automatically removed.

Note

iApp deployments create non-shared objects under an Application Service Object (ASO). As a result, all configuration is contained within the ASO. Modifications of one ASO do not impact any other deployments. Deletion of the deployment results in the deletion of the ASO and all objects under it.
