Client certificate forward to backend server
Hi!
I need to forward client SSL cert to backend server over F5 to authenticate it.
Our F5 config consists of 1 External VServer that routes requests based on checking HTTP Host to chosen Internal VServer (next traffic is normally forwarded to pool member).
Above decision is based on multiple LTM policy rules.
So I'm confused about which SSL profile I should put the Client authentication details in (with the Root_CA that self-signed the Client cert).
And should I use any iRule for this purpose? If yes, what should it look like?
Some base data:
- We use F5 VE Act/Stb cluster with LTM module, version BIG-IP 16.1.4.1
- We have 1 External VServer forwarding request to chosen Internal VServer based on HTTP Host (we use LTM policy for this purpose)
Thanks in advance
For starters, take a look at the following article: https://community.f5.com/t5/technical-articles/ssl-profiles-part-8-client-authentication/ta-p/280168.
Are you looking to authenticate the client SSL profile on the F5 as part of the SSL termination there, or are you looking to pass through the client SSL certificate to the backend origin server?
- zamroni777 (Nacreous)
for f5-client side ssl config, you set it into virtual server's client (side) ssl profile.
to pass client certificate to server, you might try to insert client certificate data as custom http header when f5 forwards http request to server.
there are some similar examples in this doc:
https://clouddocs.f5.com/api/irules/SSL__cert.html
- Lucas_Thompson (Employee)
See this post for a discussion of the same topic:
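Added example, not part of the thread and not F5's own code: an iRule sketch of the approach suggested in the replies above (client authentication on the Client SSL profile, certificate data passed to the backend as custom HTTP headers). It assumes the iRule is attached to the virtual server whose Client SSL profile requests the client certificate; the header names are hypothetical.

```tcl
# Added example. Header names (X-Client-Cert*) are hypothetical; pick names
# that the backend application is configured to read.
when HTTP_REQUEST {
    # Remove any copies of these headers sent by the client, so the backend
    # only ever sees values written by the BIG-IP.
    foreach h {X-Client-Cert X-Client-Cert-Subject X-Client-Cert-Issuer X-Client-Cert-Status} {
        HTTP::header remove $h
    }

    # No certificate was presented (possible when the profile only requests
    # a certificate): forward without the headers and let the backend treat
    # the request as unauthenticated.
    if { [SSL::cert count] == 0 } {
        return
    }

    set cert [SSL::cert 0]

    # Outcome of the Client SSL profile's chain validation, as text
    # ("ok" when verification succeeded).
    HTTP::header insert X-Client-Cert-Status [X509::verify_cert_error_string [SSL::verify_result]]
    HTTP::header insert X-Client-Cert-Subject [X509::subject $cert]
    HTTP::header insert X-Client-Cert-Issuer [X509::issuer $cert]

    # X509::whole returns multi-line PEM; base64-encode it so the whole
    # certificate fits on a single header line.
    HTTP::header insert X-Client-Cert [b64encode [X509::whole $cert]]
}
```

The backend should trust these headers only on connections that come from the BIG-IP, since anything that can reach it directly could set them itself.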