Forum Discussion
Ding_Hsu
Nimbostratus
NimbostratusIs it possible to let the F5 XC provide different cerificate by path
Hi Everyone,
The customer has an IoT server that provides different functions by path, and it's all HTTPS service. Only the path "/uisgw2/" needs to enable the mTLS during the SSL handshake. The other paths just provide a server cerificate without mTLS. I was wondering if is it possible to set up on F5 XC?
Thanks in advanced
Ding
As I mentioned in that case is not possible. You can still configure XC redirect route and to a different fqdn domain and HTTP LB. The origin server could be the same but you can override the host header if needed in the XC route.
Ding_HsuHi Nikoolayy1,
Thanks for the reply. It's mTLS for the client side. In order to use different certificate on XC, I attempted to add two LB for layered forwarding. First LB forwards traffic to the Second LB when the client access the path "/uisgw2/", and the second LB enable mTLS. However, I'm still unable to use mTLS on client side.
Thanks,
Ding
- Nikoolayy1
MVP
As I mentioned in that case is not possible. You can still configure XC redirect route and to a different fqdn domain and HTTP LB. The origin server could be the same but you can override the host header if needed in the XC route.
- Nikoolayy1
You mean mTLS for the client side/downstream or for server side/upstream ? For the server side you can use XC routes that match paths and have different origin pools one with mTLS but for the client side I don’t think so.