Forum Discussion
f5mkuDefault
Cirrus
Cirrus2 way ssl facing pool member
hi experts, just want to check, have anyone tried to enable 2 way ssl from which F5 is the client? We know enabling the 2 way on the client ssl profile, this method F5 is the one authenticatin...
Hi TIA,
yes, this is possible. In my loadbalancing pool, I have two nginx servers with the following config:
# HTTPS virtual server server { listen 8443 ssl; server_name _; ssl_certificate /etc/ssl/certs/nginx.crt; ssl_certificate_key /etc/ssl/private/nginx.key; ssl_client_certificate /etc/ssl/certs/My_Domain_Issuing_CA.crt;And in the Server SSL Profile I configured the following.
ltm profile server-ssl pr_serverssl_mtls { app-service none cert ffive01.mydomain.com defaults-from pr_serverssl key ffive01.mydomain.com }The cert is issued by My_Domain_Issuing_CA. That's all it needs.
KR
Daniel
Daniel_Wolf
MVP
MVPHi TIA,
yes, this is possible. In my loadbalancing pool, I have two nginx servers with the following config:
# HTTPS virtual server
server {
listen 8443 ssl;
server_name _;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
ssl_client_certificate /etc/ssl/certs/My_Domain_Issuing_CA.crt;And in the Server SSL Profile I configured the following.
ltm profile server-ssl pr_serverssl_mtls {
app-service none
cert ffive01.mydomain.com
defaults-from pr_serverssl
key ffive01.mydomain.com
}The cert is issued by My_Domain_Issuing_CA. That's all it needs.
KR
Daniel
f5mkuDefaultthanks Daniel. This helps a lot!