Forum Discussion

COMMS-CORE_1795's avatar
COMMS-CORE_1795
Icon for Nimbostratus rankNimbostratus
Dec 15, 2015

Manage SSL Certificate

Hi all,   Currently I´ve the following configuration in my F5-LTM   VS_HTTPS POOL_HTTPS x.x.x.x:443 x.x.x.x_443   In my web-browser I have install 2 certificates.   W...
application delivery
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Dec 15, 2015

Hi BR,

 

i sounds to me you're using a layer4 virtual in the first scenario, where the certificates are bound to the real servers and the mutual SSL-Handshake is performed between your client and the real servers. But in the second scenario you are switching to a layer7 virtual and moving the initial SSL termination to your F5?

 

If this is the case, then the SSL-authentication would just fail, since the F5 simply cant pass the SSL-handshake to the real server. Unfortunately there isn't an easy solution for this behavior. It would require to revesit the entire authentication mechanism to perform pre-authentication and some sort of credential delegation (e.g. X-Forwarded-User, Kerberos Delegation, etc.)...

 

Cheers, Kai