Forum Discussion

Ted_Waller_01_1's avatar
Ted_Waller_01_1
Icon for Altocumulus rankAltocumulus
Feb 13, 2017

Client SSL Authentication - AWS API Gateway

I'm looking at utilizing AWS API Gateway for some of our services. The implementation so far takes an API defined on the AWS Gateway, and then proxy that traffic to an F5 external endpoint, which rou...
cloud
iRules
LTM
  • Ted_Waller_01_1's avatar
    Ted_Waller_01_1
    Feb 20, 2017

    Turns out I mainly just fat fingered the actual SSL configuration, and AWS API Gateway doesn't provide a nice error when it simply can't validate the initial chain applied to a virtual server. Overall, this worked as expected. Import the client certificate created on AWS into the F5, use it to be the "Trusted Certificate authority" for Client authentication on the SSL profile, and voila. Future enhancements on AWS would make this simpler, but for now it does work.

     

KashifS_243275's avatar
KashifS_243275
Icon for Nimbostratus rankNimbostratus
Sep 13, 2018

Hello Ted, A couple of quick questions, Do you mean a VS by "external endpoint"? Also from the steps it looks like you may have used two separate certs for this VS, one to create a SSL profile for the VS for decryption and the second one generated at the AWS API gateway to force client authentication? am i wrong? I am trying to set something similar up and wasn't quite sure on a couple of things.