Forum Discussion
AndOs
Sep 10, 2011 | Cirrostratus
Forward client certificate info to applications
We have a custom .NET application from a third party that uses client certificate information to authenticate users.
The application runs on a single web server at the moment and handles the SSL ...
hooleylist
Sep 12, 2011 | Cirrostratus
It's possible there is a server-side plugin you could use for this, but I'm not aware of one.
In v11, there is a new feature called Proxy SSL which you can use for this type of scenario where you need to pass the original client cert on to the pool. Basically, you import the server cert/key(s) to LTM. LTM will allow the client and selected pool member to negotiate an SSL handshake directly. LTM watches to see what server cert the pool member uses. It then intercepts subsequent communication and decrypts the SSL, allowing you to inspect/modify the unencrypted content. This includes adding an HTTP profile to the virtual server. I couldn't find much public documentation on this, but you could open a case with F5 Support to request more details and a documentation update.
Aaron