atoth
Oct 21, 2015Cirrus
2-Way SSL Authentication with irules.
I've got a requirement to implement an irule on an vip, which would redirect traffic to another vip on the same LB, based on a simple uri. Easy-peasy, right? However, it turns out that the customer is using two-way SSL authentication. Now this thread( https://devcentral.f5.com/questions/2-way-ssl-implementation-25325 ) was most helpful, but I still have a few questions.
- 1)The customer's SSL certificate is self-signed. From what I understand, this won't fly, and they must get a certificate with an intermediate cert bundle that can be installed on the F5. Correct?
- 2)All the modifications take place on the client profile. I need to set Client Authentication to request or require and specify the intermediate cert bundle in this section as well.
- 3)Can I set a server ssl profile on the originating vip(VIP1). VIP2, doesn't have ssl traffic offloading enabled.
- 4)If I can't set a server ssl profile on VIP1, what happens to the default traffic will is going to the pool under VIP1?