Forum Discussion
Amartya_Ghosh_1
Nimbostratus
Feb 28, 2014
2 Way SSL implementation
Hi,
I have a requirement to implement 2 way ssl. I do not have much idea on this. Can anyone please help me or guide me as in what all things I need to consider and how to implement this.
I...
Gicu_337843
Nimbostratus
Oct 17, 2017
Please help me with step by step how to configure 2 way ssl authentication for my virtual server. Only 2 way ssl authentication - not more. I have web site certificate and chain certificate only. Thank you.
Kevin_Stewart
Employee
Oct 17, 2017
Sure.
- Install the chain (subordinate CA) certificate
- Install the web server certificate and private key
- Create the client SSL profile
  - Certificate Key Chain: web server cert and private key. You can optionally include the chain cert if you want the F5 to pass this CA cert to the client during the TLS handshake, to help the client do validation in case the client doesn't have this CA cert. This only works for subordinate CA certs.
  - Client Authentication - Client Certificate: request or require. The difference is that request makes the request but fails open if validation fails. Require fails closed.
  - Client Authentication - Trusted Certificate Authorities: select the chain cert. This subordinate CA is used to validate/trust the client's certificate.
- Bind the client SSL profile to a virtual server
This is the absolute simplest and minimal requirements for 2-way (mutual) TLS authentication.
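The following is an added example, not part of the post above and not F5 code. It uses openssl with a constructed throwaway CA to show what validating a client certificate against the trusted chain cert means, and it models request versus require as the post describes them. The function names, file names and certificate subjects are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: every name and file here is made up for illustration.

# Create a throwaway CA, a client cert it issued, and an unrelated self-signed cert.
make_demo_pki() {
  local d=$1
  # Stands in for the chain (subordinate CA) cert chosen as the trusted CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Sub CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Client certificate issued by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=client-good" \
    -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/good.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/good.crt" 2>/dev/null || return 1
  # Client certificate from a different issuer (self-signed).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client-other" \
    -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null || return 1
}

# Succeeds only if the client cert chains to the trusted CA file.
client_cert_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Model of the Client Certificate setting as the post describes it:
# "request" fails open on a validation failure, "require" fails closed.
connection_allowed() {
  local mode=$1 ca=$2 cert=$3
  client_cert_trusted "$ca" "$cert" && return 0
  [ "$mode" = "request" ]
}

demo() {
  local d mode cert
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  for mode in request require; do
    for cert in good other; do
      if connection_allowed "$mode" "$d/ca.crt" "$d/$cert.crt"; then
        echo "$mode / client-$cert: allowed"
      else
        echo "$mode / client-$cert: rejected"
      fi
    done
  done
  rm -rf "$d"
}
demo
```

Running `openssl verify -CAfile` with the real chain cert against a real client certificate is a quick pre-check before binding the profile to the virtual server.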
