F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ChrisThuys's avatar
ChrisThuys
Icon for Altocumulus rankAltocumulus
Oct 27, 2020

irule to insert a client cert for authorisation to a website

I have configured a VS to act as a reverse proxy for a external vendors website. ie the pool member is the external vendors website. We are also using client and server ssl profiles. The vendors s...
application delivery
iRules
LTM
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Oct 30, 2020

From what I see your requirement, you dont want to have mutual authentication for your clients. But the external vendor website which is your pool member, requires to have cert produced to access it.

 

You can simply configure a cert in your custom serverssl profile and pass it. By default the cert is none.

In case the vendor would accept only cert CN's, have that installed on LTM and map it to the serverssl profile. This way your clients can connect to the VS without any cert and on the backend LTM will be providing the cert while connecting to the external website.

ChrisThuys's avatar
ChrisThuys
Icon for Altocumulus rankAltocumulus
Nov 24, 2020

Ffinally getting back to this. This is what I have done already however. The backend webserver returnes "400 Bad Request

No required SSL certificate was sent"

 

It appears from the decryoted packet capture that the backend server never requests a certificate it just expects the certificate to be sent.

Is ther ee some way to insert the client certificart e pre-emptively.