For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

becky_76258's avatar
becky_76258
Icon for Nimbostratus rankNimbostratus
Mar 31, 2010

Client Certs and SSL offload on LTM

Hi,     My client is currently running their website on a single server. The https home page uses a domain SSL cert installed on the server. Website users then also download a client certif...
management
microsoft
scom
becky_76258's avatar
becky_76258
Icon for Nimbostratus rankNimbostratus
Apr 07, 2010
Hi Aaron,

 

 

Thanks for the response. I am quite new to iRules and having trouble picking out the bits I need to do the job. It seems the app developers are happy to offload all of the SSL functionality onto the load balancer, so I won't necessarily need to pass the client certificate information to the web server. So what I would like to achieve is:

 

 

Use a class map to specify URIs which require a client cert.

 

Check if client cert is present and that it is valid.

 

If there is no valid client cert, send back a HTTP 403.7 error to advise user that a certificate is required.

 

If client cert exists and is valid, allow access to the application.

 

 

I am sure this quite simple to achieve, any help would be greatly appreciated.

 

 

Many thanks,

 

 

Becky