Forum Discussion

Nimbostratus

Jun 08, 2016

Solved

iRule to access F5 certificate store

I am looking to create an iRule to inject a client certificate that is not provided in the client session. I can upload the client certificate to the F5, but I am looking at how I would call that fro...

iRules

LTM

security

JCipolla_256443
Jun 08, 2016
As it turns out, I really misinterpreted what I needed for this. This function is provided through the Server SSL profile where it will do the F5 to Server authentication. I'm still pretty new to this type of functionality with LTM, so thanks to everyone for giving me quick responses.

Kevin_Stewart

Employee

Jun 08, 2016

Strictly speaking, the client certificate is presented to the server during the SSL handshake and after the server requests it. More important, after the client sends its certificate, it sends a separate message that is digitally signed with its private key. In other words, once you've decrypted the traffic on the client side you cannot send the client's certificate to the backend server in an SSL handshake because you wouldn't have access to the client's private key.

So what we need to define now is how you need the client certificate. If your application can accept it in an HTTP header that's the absolute easiest option.

Forum Discussion

iRule to access F5 certificate store

Recent Discussions

Script to send an email if Traffic-group failovers on F5

HA (Active-Standby) with R2600 and BIG-IP i2600

ASM-legitimate traffic

gtm_add failing due to CERT error

How to register a license to access the support portal?

Related Content

F5 Access App and Machine Certificates

IRule for Exact resource access rejection

SSL Certificate renewal without any downtime

irule ports

mulitple irules accessing the same sub table