Forum Discussion

Nimbostratus

Sep 08, 2015

Exchange 2013 ActiveSync Client Certificate Authentication

Hi DevCentraler's, I've setup an Exchange CAS Virtual Server using an iApp template which is working well. (OWA, Autodiscover, ActiveSync, Outlook Anywhere, EWS, OAB) We would like to start...

application delivery

BIG-IP Access Policy Manager (APM)

Historic F5 Account

Sep 09, 2015

If you want the client cert to be presented at the CAS, I think your options are:

Set up a separate VIP for ActiveSync that doesn't terminate SSL (aka passthrough).
Use ProxySSL: https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html.

If you have APM, you could:

Use APM on-demand cert auth, collect the domain name from the user's UPN in the cert, stuff that into a Kerberos SSO request, and auth to the CAS using KCD (the iApp does something similar when deploying APM with smart card auth for OWA).

Nath
Cirrostratus
Mar 18, 2016
This is my problem right now! I tried to configured chain cert and bundle cert but still no luck! Is there any way to use the ActiveSync that f5 will terminate and re-encrypt the traffic up to the CAS server?