When you configure the BIG-IP® system to decrypt client-side HTTP requests and encrypt the server responses, you can optionally configure the BIG-IP system to use the Elliptic Curve Digital Signature Algorithm (ECDSA) as part of the BIG-IP system's certificate key chain. The result is that the BIG-IP system performs the SSL handshake usually performed by target web servers, using an ECDSA key type in the certificate key chain.
This particular implementation uses a certificate signed by a certificate authority (CA).
To implement client-side authentication using HTTP and SSL with a certificate signed by a certificate authority, you perform a few basic configuration tasks.
After you complete the tasks in this implementation, the BIG-IP® system encrypts client-side ingress HTTP traffic using an SSL certificate key chain. The BIG-IP system also re-encrypts server responses before sending the responses back to the client.
The certificate in the certificate key chain includes an Elliptic Curve Digital Signature Algorithm (ECDSA) key and certificate.