Forum Discussion

JamesH145_24056's avatar
JamesH145_24056
Icon for Nimbostratus rankNimbostratus
Dec 24, 2015

Can an F5 irule or ASM be used authenticate the AWS Gateway Client-Side SSL Certificate

Hi,

 

I have a number of onsite APIs that I would like to look at exposing via the API gateway. To do this I am looking at how use the Client-Side SSL Authentication with an On Prem F5 using an irule or the Application Security Manager (ASM).

 

I would like the F5 to check that it is the API gateway call the webservice and then pass the request to the internal systems.

 

I am getting an error on the F5 when I try and upload the certificate: Security ›› Options : Application Security : Advanced Configuration : Certificates Pool ›› Create New Certificate... Validation failed. Please upload/paste valid .PEM file

 

Has anyone been able to do this?

 

Is an F5 capable of doing just the authentication check?

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-6-0/18.print.html

 

Any assistance is appreciated.

 

thanks

 

James.

 

  • APM can do this. As well client cert checking can be done in an iRule. There are examples on DC.

     

    • JamesH145_24056's avatar
      JamesH145_24056
      Icon for Nimbostratus rankNimbostratus
      Thanks for your response John. I had found a few articles but was having no luck. ASM - I tried to follow the link I posted but received an error when uploading the cert as I feel the F5 may want more than just the public cert put it is not clear. iRules - All the references I could find seem to have deprecated in v10 for xml functions in favour of ASM. So keen to know if someone has done this between AWS & F5...