F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Nov 25, 2019

Client use certificate to autenticate to Server

Hello,   I have question how properly configure Client SSL profile and Server SSL profile on virtual server that client can autenticate to server which is behind F5. I want to implement ASM policy...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
Janez's avatar
Janez
Icon for Nimbostratus rankNimbostratus
Nov 26, 2019

Hello,

 

Thanks for this but I don't now how I must configure Client SSL profile. Which certificat I must Use.

 

Thanks,

Janez

Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Nov 26, 2019

You can use whatever Client SSL profile you want, because when using Proxy SSL, this certificate is ignored:

 

  • BIG-IP copies same Server SSL/Back-end Server certificate to Certificate message sent to Client on client-side
    • BIG-IP completely ignores certificate you configured on Client SSL. It always uses the same server-side certificate.

 

You should import the servers certificate and key:

 

BIG-IP has an extra configuration requirement for Proxy SSL configuration (according to K13385) that you should add the same certificate/key present on the back-end server to Certificate/Key fields on Server SSL proxy of BIG-IP. This way BIG-IP can decrypt both client and server sides of connection.