Forum Discussion

Nimbostratus

Dec 04, 2015

Client Certificate is not passing through back end hosts

I have SSL terminated at F5, we have client certificate for client authentication coming via application request. The client certificate is not passed through the back end systems hence it is reject...

Employee

Dec 04, 2015

Never going to work. This is a fundamental limitation (and security feature) of SSL/TLS. Upon presenting its certificate, a client also presents information signed with its private key. Therefore any device that terminates (and optionally re-encrypts) between the two end points cannot send the client's certificate because it would never have access to the client's private key. Your options are to either

a) not handle SSL/TLS at the proxy

b) request the client cert at the proxy and find some other information to send to the server

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client Certificate is not passing through back end hosts

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Request Client Certificate And Pass To Application

Passing Arguments to iCall Scripts

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS