Client side SSL with client certificate handled elsewhere
We have a requirement to receive a request over SSL. The request will contain a client certificate. In our solution we will terminate the SSL request at BigIP as normal but we need the client certificate passed to the web server as the web server will be performing the authentication against the CA (long story).
In terms of configuration, can I terminate SSL using a normal client side SSL profile and ignore the certificate? Will it then be passed to the web server over http or will BigIP want to deal with it and I'll have to write an iRule to forward the certificate on?