Forum Discussion
COMMS-CORE_1795
Nimbostratus
NimbostratusManage SSL Certificate
Hi all,
Currently I´ve the following configuration in my F5-LTM
VS_HTTPS
POOL_HTTPS
x.x.x.x:443
x.x.x.x_443
In my web-browser I have install 2 certificates.
W...
Kai_Wilke
MVP
MVPHi BR,
i sounds to me you're using a layer4 virtual in the first scenario, where the certificates are bound to the real servers and the mutual SSL-Handshake is performed between your client and the real servers. But in the second scenario you are switching to a layer7 virtual and moving the initial SSL termination to your F5?
If this is the case, then the SSL-authentication would just fail, since the F5 simply cant pass the SSL-handshake to the real server. Unfortunately there isn't an easy solution for this behavior. It would require to revesit the entire authentication mechanism to perform pre-authentication and some sort of credential delegation (e.g. X-Forwarded-User, Kerberos Delegation, etc.)...
Cheers, Kai
