For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

zafer's avatar
zafer
Icon for Nimbostratus rankNimbostratus
Jan 04, 2010

Client Certificate Authentication

i want do ssl offload,compression and oneconnect for the https services but IIS is on require mode and Client have certificate for Authentication from the IIS.

 

 

is that possible use Require mode into the Client SSL Profile for this configuration.

 

 

i learned i can do with only iRule and Client SSL profile mode must be Request mode.

 

 

Could you please inform me

 

 

regards

 

zafer
application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jan 04, 2010
    Hi Zafer,

     

     

    LTM would be acting as a client to IIS, so you would configure LTM with a server SSL profile with a valid client cert/key. This server SSL profile would only validate LTM as a client--not the client cert.

     

     

    Separately, LTM would request/require a client cert from clients connecting to the VIP. There is no way for LTM to proxy the actual client cert for the serverside SSL handshake as LTM doesn't have the client cert private key.

     

     

    Aaron
  • zafer's avatar
    zafer
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2010
    The solution is LTM check client Certificate (Validation control) then LTM insert Client certificate into the header then Application server take this certificate and check it?

     

     

    is that possible thist?

     

     

    zafer

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jan 07, 2010
    Hi Zafer,

     

     

    That would be one solution. If the IIS servers require a client cert and this can't be changed, then you'd also need to configure a server SSL profile with a valid client cert/key.

     

     

    Aaron