Forum Discussion
NimbostratusManage SSL Certificate
Hi all,
Currently I´ve the following configuration in my F5-LTM
VS_HTTPS POOL_HTTPS x.x.x.x:443 x.x.x.x_443
In my web-browser I have install 2 certificates.
When I accessing a URL, the browser let me chose the certificates. When I accept the certificates (are a test certificates) I can validate with my servers and I can enter in my application.
But my problem appears when I use an iRule X-FORWARD-FOR (with a http profile in the VS configuration). In this moment the configuration would be:
VS_HTTPS iRULE_X_FORWARD_FOR POOL_HTTPS x.x.x.x:443 x.x.x.x_443
When I put the iRule, my browser doesn´t show me the certificates and I can not access to my application.
Please, can you help me?
BR
1 Reply
- Kai_Wilke
MVP
Hi BR,
i sounds to me you're using a layer4 virtual in the first scenario, where the certificates are bound to the real servers and the mutual SSL-Handshake is performed between your client and the real servers. But in the second scenario you are switching to a layer7 virtual and moving the initial SSL termination to your F5?
If this is the case, then the SSL-authentication would just fail, since the F5 simply cant pass the SSL-handshake to the real server. Unfortunately there isn't an easy solution for this behavior. It would require to revesit the entire authentication mechanism to perform pre-authentication and some sort of credential delegation (e.g. X-Forwarded-User, Kerberos Delegation, etc.)...
Cheers, Kai
