For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
May 01, 2016

I would add that this is a pretty common question and is really a limitation imposed by SSL itself. Ultimately if you need to do certificate-based authentication and still be able to do something intelligent with the traffic at a proxy layer, the proxy has to do something different on the server side. Since you're certificate likely doesn't contain a password, you wouldn't generally be able to do HTTP Basic or NTLM on the server side (which require a password), but you can do Kerberos. You could also consider sending the credential information to the servers as HTTP headers (encrypted of course). In any case, you would have to change the way the servers consume client credential information.