Forum Discussion

Nimbostratus

Oct 22, 2013

Client cert for IIS getting dropped

We have a new simple setup with a vip doing ssl offloading. Website cert is applied to client SSL profile and serverssl is used for server side, and that all works ok. The problem is our app guys are...

Kevin_Stewart

Employee

Oct 25, 2013

Well we ended up just passing that traffic through the F5, no proxySSL or anything since we didn't really need to see the data on F5. Just did SSL persistence. Works great now.

Just be aware that using SSL persistence with a browser-based app is a slippery slope. Persistence is based on a session ID that is generated in the handshake and maintained throughout the session. The client browser and/or server can, and very often will, renegotiate the SSL at fixed or random intervals, which changes the session ID. Each browser is different, but you're almost guaranteed to run into this at some point.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)