Forum Discussion

Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Nov 25, 2019

Client use certificate to autenticate to Server

Hello,   I have question how properly configure Client SSL profile and Server SSL profile on virtual server that client can autenticate to server which is behind F5. I want to implement ASM policy...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Nov 26, 2019

Hello,

 

Thanks for this but I don't now how I must configure Client SSL profile. Which certificat I must Use.

 

Thanks,

Janez

  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Nov 26, 2019

    You can use whatever Client SSL profile you want, because when using Proxy SSL, this certificate is ignored:

     

    • BIG-IP copies same Server SSL/Back-end Server certificate to Certificate message sent to Client on client-side
      • BIG-IP completely ignores certificate you configured on Client SSL. It always uses the same server-side certificate.

     

    You should import the servers certificate and key:

     

    BIG-IP has an extra configuration requirement for Proxy SSL configuration (according to K13385) that you should add the same certificate/key present on the back-end server to Certificate/Key fields on Server SSL proxy of BIG-IP. This way BIG-IP can decrypt both client and server sides of connection.