BIG-IP systems use Secure Sockets Layer (SSL) authentication to verify the authenticity of the credentials of systems with which data exchange is necessary.
BIG-IP software includes a self-signed SSL certificate. If your network includes one or more certificate authority (CA) servers, you can also install SSL certificates that are signed by a third party. The BIG-IP systems exchange SSL certificates, and use a CA server to verify the authenticity of the certificates.
The big3d agent on all BIG-IP systems and the gtmd agent on BIG-IP Global Traffic Manager (GTM) systems use the certificates to authenticate communication between the systems.
SSL supports ten levels of authentication (also known as certificate depth):
You can configure BIG-IP systems for Level 1 SSL authentication. Before you begin, ensure that the systems you are configuring include the following:
You can configure BIG-IP systems for certificate chain SSL authentication.