For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Nov 25, 2019

Client use certificate to autenticate to Server

Hello,   I have question how properly configure Client SSL profile and Server SSL profile on virtual server that client can autenticate to server which is behind F5. I want to implement ASM policy...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Nov 26, 2019

Hello,

 

Thanks for this but I don't now how I must configure Client SSL profile. Which certificat I must Use.

 

Thanks,

Janez

  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Nov 26, 2019

    You can use whatever Client SSL profile you want, because when using Proxy SSL, this certificate is ignored:

     

    • BIG-IP copies same Server SSL/Back-end Server certificate to Certificate message sent to Client on client-side
      • BIG-IP completely ignores certificate you configured on Client SSL. It always uses the same server-side certificate.

     

    You should import the servers certificate and key:

     

    BIG-IP has an extra configuration requirement for Proxy SSL configuration (according to K13385) that you should add the same certificate/key present on the back-end server to Certificate/Key fields on Server SSL proxy of BIG-IP. This way BIG-IP can decrypt both client and server sides of connection.