Forum Discussion

JCipolla_256443's avatar
JCipolla_256443
Icon for Nimbostratus rankNimbostratus
Jun 08, 2016

iRule to access F5 certificate store

I am looking to create an iRule to inject a client certificate that is not provided in the client session. I can upload the client certificate to the F5, but I am looking at how I would call that fro...
iRules
LTM
security
  • JCipolla_256443's avatar
    JCipolla_256443
    Jun 08, 2016

    As it turns out, I really misinterpreted what I needed for this. This function is provided through the Server SSL profile where it will do the F5 to Server authentication. I'm still pretty new to this type of functionality with LTM, so thanks to everyone for giving me quick responses.

     

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jun 08, 2016

Strictly speaking, the client certificate is presented to the server during the SSL handshake and after the server requests it. More important, after the client sends its certificate, it sends a separate message that is digitally signed with its private key. In other words, once you've decrypted the traffic on the client side you cannot send the client's certificate to the backend server in an SSL handshake because you wouldn't have access to the client's private key.

 

So what we need to define now is how you need the client certificate. If your application can accept it in an HTTP header that's the absolute easiest option.