For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

yk1's avatar
yk1
Icon for Nimbostratus rankNimbostratus
Jun 18, 2019

How to hand client certificate to the server on Kubernetes cluster?

Hi. We attempt to distinguish every user from others by client certificate's subject. Our BIG-IP is connecting to kubernetes cluster which uses calico as cni. Now, BIG-IP receives request on port 443...
Rodrigo_Albuque's avatar
Rodrigo_Albuque
Icon for Cirrocumulus rankCirrocumulus
Jun 18, 2019

Hi Yoko,

 

Are you talking about production traffic? If server-side connection is HTTP, there should be no client certificate sent over to your servers. I guess I didn't quite understand what you're trying to do?

yk1's avatar
yk1
Icon for Nimbostratus rankNimbostratus
Jun 19, 2019

Rodrigo, thank you for your reply.

I'm trying to get subject of client certificate (actually, our application server uses it for user authentication, and cannot recognize who access to without subject). I want only subject, so not necessary to send client certificate itself. Best solution is ssl passthrough (because all BIG-IP has to do is to through requests, I think), but our BIG-IP somehow wouldn't do ssl passthrough, so I'm seeking another solution.