Forum Discussion
Nimbostratuscheck ssl server certificate on client side
Hello,
is it possible to check for a ssl server certificate on the client side? The problem is that we have an application which is only capable to show a ssl server certificate and no client certificate. Is it possible to verify this with an iRule or with the apm module?
Thank you.
2 Replies
VernonWellsEmployee
I apologize, but the request isn't entirely clear to me. Firstly, I assume that you are not using SSL offload on the BIG-IP. Is that correct? Are you attempting to ensure that the traffic on a specific port uses a TLS handshake before starting? Are you attempting to ensure that the TLS handshake includes a server certificate? While TLS provides mechanisms for operation without certificates (e.g., anonymous key exchange), I don't believe that almost any user-agent supports TLS without at least a server certificate.
Christian_15402The client connects via HTTPS to the BIG-IP. The BIG-IP also connects to the server via HTTPS. We want to ensure that the client (internet) has a valid certificate. The problem is, this specific application installed on the client is only capable to use a server certificate. On the BIG-IP, i think, it is only possible to require/request a client certifacte on the client side.
