For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

WaterlooSysAdmi's avatar
WaterlooSysAdmi
Icon for Cirrus rankCirrus
Feb 14, 2020

Big-IP - Client Certificate

Hello,   We're currently setting up an API on a Microsoft Service Fabric cluster(see below). Clients will be sending requests to the API with their own client certificate(which are subject to ch...
application delivery
BIG-IP
devops
iRules
Angelo_V's avatar
Angelo_V
Icon for Cirrus rankCirrus
Feb 15, 2020

The simplest solution would be to remove the http profile and the client certificate, going to perform a simple tcp load balance and change the type of VIP in Performance Layer4.

Then install the certificate (wildcard) on the individual pool members.

 

in the current configuration you have 2 separate SSL connections.I can't imagine how you could impersonate the client, among other things you don't have the private key related to the client certificate.

 

Angelo