Forum Discussion
zafer
Nimbostratus
NimbostratusClient Certificate Authentication
i want do ssl offload,compression and oneconnect for the https services but IIS is on require mode and Client have certificate for Authentication from the IIS.
is that possible use Require mode into the Client SSL Profile for this configuration.
i learned i can do with only iRule and Client SSL profile mode must be Request mode.
Could you please inform me
regards
zafer
hoolioCirrostratus
Hi Zafer,
LTM would be acting as a client to IIS, so you would configure LTM with a server SSL profile with a valid client cert/key. This server SSL profile would only validate LTM as a client--not the client cert.
Separately, LTM would request/require a client cert from clients connecting to the VIP. There is no way for LTM to proxy the actual client cert for the serverside SSL handshake as LTM doesn't have the client cert private key.
Aaron
zaferThe solution is LTM check client Certificate (Validation control) then LTM insert Client certificate into the header then Application server take this certificate and check it?
is that possible thist?
zafer- hoolioHi Zafer,
That would be one solution. If the IIS servers require a client cert and this can't be changed, then you'd also need to configure a server SSL profile with a valid client cert/key.
Aaron