Ding_Hsu
Jul 27, 2024

Is it possible to let the F5 XC provide a different certificate by path

Hi Everyone,

 

The customer has an IoT server that provides different functions by path, and it's all HTTPS service. Only the path "/uisgw2/" needs to enable mTLS during the SSL handshake. The other paths just provide a server certificate without mTLS. I was wondering if it is possible to set this up on F5 XC?

 

Thanks in advance

Ding

  • You mean mTLS for the client side/downstream or for the server side/upstream? For the server side you can use XC routes that match paths and have different origin pools, one with mTLS, but for the client side I don’t think so.

  • Hi Nikoolayy1,

    Thanks for the reply. It's mTLS for the client side. In order to use a different certificate on XC, I attempted to add two LBs for layered forwarding. The first LB forwards traffic to the second LB when the client accesses the path "/uisgw2/", and the second LB enables mTLS. However, I'm still unable to use mTLS on the client side.

     

    Thanks,

    Ding

    • Nikoolayy1

      As I mentioned, in that case it is not possible. You can still configure an XC redirect route to a different FQDN domain and HTTP LB. The origin server could be the same, but you can override the host header if needed in the XC route.
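
The workaround above, sketched as an added example (not from the thread and not F5 XC configuration): the client-certificate requirement is keyed on the hostname the client sends in SNI, because the HTTP path is only sent after the TLS handshake has finished, and requests for "/uisgw2/" on the public hostname are redirected to the mTLS hostname. The hostnames are hypothetical, and certificate loading is left as a comment so the model runs without key material.

```python
import ssl

# Hypothetical hostnames, not taken from the thread's environment.
PUBLIC_HOST = "iot.example.com"
MTLS_HOST = "mtls.iot.example.com"
MTLS_PREFIX = "/uisgw2/"  # the path from the question


def build_contexts():
    """One TLS context per hostname; only the mTLS host demands a client cert."""
    public = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    public.verify_mode = ssl.CERT_NONE
    mtls = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    mtls.verify_mode = ssl.CERT_REQUIRED
    # A real listener would also call load_cert_chain() on both contexts and
    # load_verify_locations() with the client CA on the mTLS context.
    return {PUBLIC_HOST: public, MTLS_HOST: mtls}


def make_sni_callback(contexts):
    """Select the context from the SNI name, the only routing key that is
    available while the handshake is still in progress."""
    def on_sni(ssl_socket, server_name, initial_context):
        chosen = contexts.get(server_name)
        if chosen is not None:
            ssl_socket.context = chosen  # switch certificate and verify mode
        return None  # None lets the handshake continue
    return on_sni


def route(host, target):
    """After the handshake: return (status, redirect location) for a request."""
    path = target.split("?", 1)[0]
    if host == PUBLIC_HOST and path.startswith(MTLS_PREFIX):
        # Permanent redirect that keeps method and body, to the mTLS hostname.
        return 308, f"https://{MTLS_HOST}{target}"
    return 200, None


if __name__ == "__main__":
    contexts = build_contexts()
    contexts[PUBLIC_HOST].sni_callback = make_sni_callback(contexts)
    print(route(PUBLIC_HOST, "/uisgw2/status?x=1"))
    print(route(PUBLIC_HOST, "/dashboard"))
```

The redirect only steers clients; the public hostname should also refuse to forward "/uisgw2/" to the origin, otherwise the path stays reachable without a client certificate.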