Forum Discussion

atoth's avatar
Icon for Cirrus rankCirrus
May 08, 2019

Is it possible to do both 1 way AND 2 way SSL on a single VIP?

So I have a requirement to set up a vip for 2way SSL. The client connects to the site and the site serves the page. This should be simple. However, once the client connects to the site, the site does a 30x redirect to another site to authenticate the user and this seems to break things. I think its doing 1way SSL to the other site, and not responding to the first site's attempt to get it client cert.


The first site was originaly set up for 1 way SSL, and now that I've configured it for 2 way SSL, it seems like some of functionality is broken. Its not possible to set it up for both? That seems like it would violate the point of 2 way SSL if a particular client could just get around it.


1 Reply

  • Hi Atoth,


    Modifying the client authentication in the SSL profile can allow for the VIP to be configured as both 1-way and 2-way.


    However from a security standpoint it kind of nullifies the Cert based authentication becuase even users who dont pass the auth check can get through.


    Client authentication options in ClientSSL profile are as below: 1. Require(Strict and requires client cert authentication) 2. Request(Not strict for client cert authentication for the ssl session to be established) 3. Ignore(Default)


    Regards, Vinit