For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tosin_Omojola's avatar
Tosin_Omojola
Icon for Altostratus rankAltostratus
Jan 15, 2019

Do I Need The Client Private Key to Setup a Two-Way SSL Handshake?

I am trying to configure a two-way SSL authentication but am getting errors stating handshake failure. I need to know if, in the client SSL profile used, whether I need to import the client private(or public) key into the BIG-IP since it will have to present the key for authentication when request is made.

 

I am using the "require" option so the connection would fail unless the authentication succeeds.

 

Thanks for your assistance.

 

application delivery
LTM
TMOS

1 Reply

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 15, 2019

    In client ssl profile, you must set:

     

    • Private / public key for resource provided by the F5 (like any client SSL profile)
    • public key bundle of all trusted CA for client authentication

    No need to include client private key... if you set this, it is not private anymore ;-)