Forum Discussion
2 way SSL implementation on F5 LTM
I am trying to accomplish the below by using 2-way SSL. I have two requirements.
1- All requests to https:///events should go to a pool on 443 (SSL) with 2-way SSL authentication.
2- All other client requests, like https:///login and https:///, should go to another pool on 80, and when hitting the URLs https:///login and https:/// the browser should not ask for a certificate.
Can someone help to achieve this?
5 Replies
- nathe
Cirrocumulus
Shailesh, the SSL connection (and hence certificate exchange) will happen before the bigip can view the HTTP payload. And this is before any redirection can take place. Also, mutual authentication will happen first too.
Hope this helps,
N
Please clarify the mentioned URLs? Is it https://events/, https://login/ and https://???/ or is it https://sitename/events/, https://sitename/login/ and https://sitename/* ? Furthermore, it's important to know if the 2-way handshake "can" be terminated on the F5 or if the 2-way handshake "must" be terminated on the backend website?
Cheers, Kai
- Shailesh_Shukla
Nimbostratus
The URLs would be https://sitename/login/ and https://sitename/*, which should not ask for a certificate when I hit them from the browser.
- Shailesh_Shukla
Nimbostratus
Can you tell me how to achieve the below?
https://sitename/login/ and https://sitename/* == should not ask for a certificate when I hit them in the browser, as I have a pool with port 80.
https://sitename/events == should ask for a certificate, as I have a pool with port 443.
- nathe
Cirrocumulus
If the hostname is the same then SNI is not an option. My view is you can't achieve what you're after this way. Perhaps other DCers have other suggestions.