Forum Discussion
Kevin_Stewart
Aug 15, 2006Employee
Help :: Passing a client cert to internal web server
To anyone,
We use BigIP's to proxy SSL traffic at our security perimeter. The external BigIP terminates the SSL stream, requires client certificates, and passes the unencrypted traffic through the layer 7 firewalls for inspection to the internal BigIP. The internal BigIP re-encrypts the traffic and sends on to SSL-enabled web servers in our environment. We want to be able to pass a "client" certificate to the web server that is requiring (or accepting) client certs from the internal BigIP.
We know that the client certificate can be imbedded in the HTTP header, but many of the applications that we host internally are off-the-shelf products that we cannot or do not have the resources to modify to use header information. It would be of greatest benefit to be able inject the x.509 certificate back into the ssl data stream and to present to the internal web server the same certificate that the client presented to the external BigIP.
Thanks in advance.
Kevin Stewart
No RepliesBe the first to reply
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects