Forum Discussion

Cirrus

May 07, 2019

Is it possible to do both 1 way AND 2 way SSL on a single VIP?

So I have a requirement to set up a vip for 2way SSL. The client connects to the site and the site serves the page. This should be simple. However, once the client connects to the site, the site d...

LTM

security

Vinit_Ajgaonkar

Nimbostratus

May 07, 2019

Hi Atoth,

Modifying the client authentication in the SSL profile can allow for the VIP to be configured as both 1-way and 2-way.

However from a security standpoint it kind of nullifies the Cert based authentication becuase even users who dont pass the auth check can get through.

Client authentication options in ClientSSL profile are as below: 1. Require(Strict and requires client cert authentication) 2. Request(Not strict for client cert authentication for the ssl session to be established) 3. Ignore(Default)

Regards, Vinit

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is it possible to do both 1 way AND 2 way SSL on a single VIP?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

GIS app loading very slow through F5 LTM

F5 Device Management Certificate renewal

Recommendation for Adv. Lab

Related Content

Logging/Blocking possible prompt injection

Single Node Persistence

Single Boot Volume

Brute Force protection for single parameter like OTP

X Forwarded For Single Header Insert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS