Question about Load Balancer certificate for ISC TLS IQServices Load Balancer setup

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hello Experts,

Planning to setup ISC TLS to F5 VIP Load balancer with 2 Windows IQServices as backends, to AD. Learned that the certificate must use Load Balancer’s FQDN, then once the certificate chain issued by a CA, install/import the chain to all three parties: F5, two IQServices.

My question/confusion is: should I generate a CSR which should fully meet all TLS IQService certificate requirements such as:

image
image1782×652 26.4 KB

and so on except using F5 Load balancer VIP’s FQDN as common name and DNS subject alternative name? From what I have learned, I feel yes. But need to be clear. Any inputs highly appreciated. Many thanks in advance.

2

@yunhanspiiq -

Your intuition is right. generate a single CSR for the VIP FQDN that meets the IQService TLS requirements; install the issued cert+chain on both IQService nodes (same cert on both), not on F5 (for TLS passthrough).

4

Got it. Very clear and helpful. thanks much.

5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.