2-way SSL

Question

Hello Experts,&nbsp;I have a question here:For the 2-way SSL, we already offloaded the certs on f5 VIP and user is providing the other certificate from their side. But, it didn't work until the minute we provided them the private key. Since this is not a safe practice, is there a way we can install the user-side certificate on the LB VIP along with the root cert?The another problem is, since there are many customers, we won't be able to install that many certs so please help us with the solution.(My apologies for the poor technical wording - better clarification is appreciated as well)&nbsp;Regards,R

mandragor · Answer

You don't need to install the client-side certificate on the BIG-IP, you only have to specify the trusted Certificate Authority that signed the user's certificate - this is a great place to start reading to understand how to do that: https://devcentral.f5.com/s/articles/ssl-profiles-part-8-client-authentication

Particularly the part under "BIG-IP Configuration"

Forum Discussion

2-way SSL

Recent Discussions

F5 LTM listening on 3306

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Statistics ›› Analytics : HTTP : Overview

Related Content

2 way ssl facing pool member

SSL Profiles Part 6: SSL Renegotiation

2 way ssl not working with open ssl generated certificates

Updating SSL Certificates on BIG-IP using REST API

SSL protocol mismatch

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS