How to configure virtual server with web server that requires ssl certificate from clients ?

Hi Gebo,

HTTP profiles are not compatible with virtual servers that perform HTTPS passthrough like LAYER 4 performance VIPs , since the HTTP profile cannot see any of the HTTP headers or content inside the SSL encrypted packets passing through the virtual server.

Moreover, applying an HTTP profile to an HTTPS passthrough virtual server can actually break the virtual servers functionality, or impact the performance of the application hosted by the virtual server. 

To perform a data inspection for encrypted (HTTPS) traffic, you must associate the Secure Sockets Layer (SSL) profile to a standard virtual server so that it can decrypt and re-encrypt the traffic passing through the virtual server.

F5 recommends that you use the HTTPS profile with a standard virtual server instead of a Layer 4 virtual server 

When you assign an HTTP profile to a Layer 4 virtual server, you can use this combination only to gather statistics on HTTP data, as well as with some iRule commands that perform HTTP data read-only operations.

The following list describes the limitations of the HTTP profile when you use it with the Layer 4 virtual server:

• You cannot manipulate HTTP data, such as modifying the HTTP header.
• You cannot associate the HTTP compression profile with the Layer 4 virtual server.
• You cannot associate the Web Acceleration profile with the Layer 4 virtual server.
• Any iRule commands that attempt to manipulate HTTP data will result in and error and a connection reset.
• To trigger HTTP iRule events, the virtual server must access all packets in a connection.
•  
• If the FastL4 profile allows connections where the BIG-IP system does not access all packets (for example when the Loose Init or Loose Close options are enabled), then the HTTP profile may be ineffective.

  Note: For more information, refer to K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors.

   

  HTH

  🙏