For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ptate_72056's avatar
ptate_72056
Icon for Nimbostratus rankNimbostratus
Jul 06, 2011

Client side SSL with client certificate handled elsewhere

Hi All,     We have a requirement to receive a request over SSL. The request will contain a client certificate. In our solution we will terminate the SSL request at BigIP as normal but we need t...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 06, 2011
Hi Phill,

 

 

TMM can't use the client's cert in an HTTP (or even in an HTTPS) request to the server. HTTP doesn't support client certs. And TMM doesn't have the client's private key to do this via SSL.

 

 

You can insert the entire cert base64 encoded or specific cert attributes in a custom HTTP header though. Here's one example:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html

 

 

Aaron