Forum Discussion

ChrisThuys's avatar
ChrisThuys
Icon for Altocumulus rankAltocumulus
Oct 27, 2020

irule to insert a client cert for authorisation to a website

I have configured a VS to act as a reverse proxy for a external vendors website. ie the pool member is the external vendors website. We are also using client and server ssl profiles. The vendors s...
application delivery
iRules
LTM
jaikumar_f5's avatar
jaikumar_f5
Icon for MVP rankMVP

From what I see your requirement, you dont want to have mutual authentication for your clients. But the external vendor website which is your pool member, requires to have cert produced to access it.

 

You can simply configure a cert in your custom serverssl profile and pass it. By default the cert is none.

In case the vendor would accept only cert CN's, have that installed on LTM and map it to the serverssl profile. This way your clients can connect to the VS without any cert and on the backend LTM will be providing the cert while connecting to the external website.

ChrisThuys's avatar
ChrisThuys
Icon for Altocumulus rankAltocumulus
Nov 25, 2020

Ffinally getting back to this. This is what I have done already however. The backend webserver returnes "400 Bad Request

No required SSL certificate was sent"

 

It appears from the decryoted packet capture that the backend server never requests a certificate it just expects the certificate to be sent.

Is ther ee some way to insert the client certificart e pre-emptively.