Forum Discussion

AceHunter1965
Dec 15, 2021

BIG-IP Forward Client Cert To Node

Hey all,

At our company, we have a BIG-IP cluster bridging two networks, with servers / clients on both sides (we also have the AWAF module, which goes over HTTP requests).

Some of our websites require mutual TLS, but the thing is we have a lot of client certificates, and can't load all of them into BIG-IP.

Is there a way to forward the client certificate to the server? We need the certificates to be presented during the handshake and not sent as a header.

Thanks!

2 Replies

  • An important note - We use a single virtual server since all requests go through the same port and into the same IP

  • Proxy SSL is the answer. Check this for more information:

    https://support.f5.com/csp/article/K13385

    https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-system-ssl-administration/implementing-proxy-ssl-on-a-single-big-ip-system.html