Forum Discussion

Altostratus

Apr 15, 2015

How to Implement 2 Way SSL in F5 LTM

Hi Experts, I have been given a task to implement 2 WAY SSL for one of the VIP. Please guide me how to proceed on this in detail.

Nimbostratus

Oct 17, 2017

I received only web site certificate and chain certificate for this task - 2 way ssl. chain certificate validates the origin of the certificate. the one way ssl was configured already. Explain me please step by step how to configure 2 way ssl for my VS ip:443 only. What must I do with website certificate and chain certificate? I have configured sslclient for my virtual server, but this client was created for one way ssl. I am not able to attache more ssl client profiles to my VS.

Kevin_K_51432

Historic F5 Account

Oct 18, 2017

Greetings,

The Client SSL profile has a Client Authentication section. The two important options are:

Client Certificate (ignore/request/require)
Trusted Certificate Authorities (the CA that signs the client certificate)

Once these are in place (usually require is chosen), the BIG-IP system will verify that the client provided certificate has been signed by the SSL profile's associated Trusted Certificate Authority.

Hope this is helpful,

Kevin

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)