Forum Discussion
NimbostratusF5 with MTLS
Greetings,
"I'm looking to configure Mutual TLS (mTLS) on my F5 BIG-IP to secure communication between clients and servers in a pool. Can anyone provide guidance on the steps involved in setting up mTLS on the BIG-IP? Specifically, I need to know how to:
- Import server certificates.
- Create Client SSL and Server SSL profiles.
- Configure a pool of servers with the appropriate SSL profiles.
- Set up a virtual server to handle incoming traffic with mTLS.
- Any additional configuration steps or best practices to ensure smooth operation.
Any insights or advice would be greatly appreciated.
Thank you!"
3 Replies
- zamroni777
MVP
you can configure ssl client auth in client profile and server auth in server profile
there are some guides for examples:
How To Configure BIG-IP Part 8 - Client Authentication
How To Configure BIG-IP LTM SSL Profiles: Part 9 - Server Authentication
Client SSL Authentication on BIG-IP as in-depth as it can go | DevCentral
mellalbrahimHi,
many thanks for your reply ,
and how can i send the client certificats information to the backend servers ( origin servers ) .
many thanks.
- zamroni777
you can use example in this guide:
https://my.f5.com/manage/s/article/K95338243
https://clouddocs.f5.com/api/irules/SSL__cert.htmlbasically the f5 reads clien-side's client cert data and put it into http header when forwarding the request to server
