Forum Discussion

Cirrus

Feb 14, 2020

Big-IP - Client Certificate

Hello, We're currently setting up an API on a Microsoft Service Fabric cluster(see below). Clients will be sending requests to the API with their own client certificate(which are subject to ch...

Cirrus

Feb 15, 2020

The simplest solution would be to remove the http profile and the client certificate, going to perform a simple tcp load balance and change the type of VIP in Performance Layer4.

Then install the certificate (wildcard) on the individual pool members.

in the current configuration you have 2 separate SSL connections.I can't imagine how you could impersonate the client, among other things you don't have the private key related to the client certificate.

Angelo

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Big-IP - Client Certificate

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automate Let's Encrypt Certificates on BIG-IP

Updating SSL Certificates on BIG-IP using REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS