Forum Discussion
Alain_Morin_147
Nimbostratus
NimbostratusCertificates implementation in "SSL forward proxy client and server authentication" scenario.
I want to implement SSL forward proxy client and server authentication, and I am not sure how certificates are implemented. How can it be done? I mean how do I have to implement client and server cer...
Alain_Morin_147Nimbostratus
NimbostratusMy understanding is that in a reverse-proxy scenario, the "verint.ext.videotron.com" certificate would be located on both backend servers (snverapp1 & snverapp3) servers. This is not possible because on the applications residing on those backend servers. So, in my case, the BIG-IP must hold the "verint.ext.videotron.com" certificate and load balance traffic between the 2 backend servers using SSL. This is why my perception is that I should use forward proxy. This is why I applied the "SSL forward proxy client and server authentication" procedure and I don't understand why it is not working. The difference I noticed between the 11.3.0 and 11.5.0 reside in the "Server SSL forward profile" section. Using Google Chrome, I have a more verbose response where the error shows: Error type : Malformed certificate Object : snverapp3.ext.videotron.com Issuer : testverint.ext.videotron.com
Cory_50405Noctilucent
Forward proxy behavior is fundamentally different than reverse proxy. In reverse proxy mode, the LTM is presenting the client with the web server's certificate and acting on behalf of the server. In forward proxy mode, the LTM is acting on behalf of the client by fetching content and returning to the client. Both Kevin and I agree you should be setup in a reverse proxy mode. Can you try reconfiguring your SSL profiles as I have indicated in a previous post and see if that works?