Certificates implementation in "SSL forward proxy client and server authentication" scenario.

list ltm virtual VS-TESTVERINT-443 ltm virtual VS-TESTVERINT-443 { destination 172.29.243.27:https ip-protocol tcp mask 255.255.255.255 pool P-TESTVERINT-443 profiles { CSSL-TESTVERINT { context clientside } SSSL-SNVERAPP { context serverside } tcp { } } source 0.0.0.0/0 source-address-translation { pool VIP-TESTVERINT type snat } vlans-disabled }

list ltm profile client-ssl CSSL-TESTVERINT ltm profile client-ssl CSSL-TESTVERINT { app-service none cert-extension-includes none cert-lifespan 30 defaults-from clientssl proxy-ca-cert VERINT.EXT.VIDEOTRON.COM.crt proxy-ca-key VERINT.EXT.VIDEOTRON.COM.key proxy-ca-passphrase $M$q7$IQDtaQ4oZ2BXvIAqz5s2Bg== ssl-forward-proxy enabled }

list ltm profile server-ssl SSSL-SNVERAPP ltm profile server-ssl SSSL-SNVERAPP { alert-timeout 10 app-service none cache-size 262144 cache-timeout 3600 cert SNVERAPP3.EXT.VIDEOTRON.COM.crt chain none ciphers DEFAULT defaults-from serverssl handshake-timeout 10 key SNVERAPP3.EXT.VIDEOTRON.COM.key mod-ssl-methods disabled options { dont-insert-empty-fragments } passphrase $M$mF$IT/oLKnaCjrDzrPuNam/KA== proxy-ssl disabled renegotiate-period indefinite renegotiate-size indefinite renegotiation enabled secure-renegotiation require-strict server-name none session-ticket disabled sni-default false sni-require false ssl-forward-proxy enabled strict-resume disabled unclean-shutdown enabled }