Forum Discussion

Nimbostratus

Jan 04, 2010

Client Certificate Authentication

i want do ssl offload,compression and oneconnect for the https services but IIS is on require mode and Client have certificate for Authentication from the IIS. is that possible use Requ...

Cirrostratus

Jan 04, 2010

Hi Zafer,

LTM would be acting as a client to IIS, so you would configure LTM with a server SSL profile with a valid client cert/key. This server SSL profile would only validate LTM as a client--not the client cert.

Separately, LTM would request/require a client cert from clients connecting to the VIP. There is no way for LTM to proxy the actual client cert for the serverside SSL handshake as LTM doesn't have the client cert private key.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client Certificate Authentication

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

BIG-IQ Client Certificate (PKI) Authentication

SSL Profiles Part 8: Client Authentication

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

Client Authentication with certificate on one URI only

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS