Forum Discussion
Missing Certificate after redirect
We have a requirement for any calls coming into https://abc.com to be redirected to Azure APIM https://apim-xyz.com/api
A simple following rule has been setup in F5 for calls coming into https://abc.com
when HTTP_REQUEST {
HTTP::respond 307 Location "https://apim-xyz.com/api"
}
But the problem we are facing is with client certificate.
After the redirect, the client certificate is no longer available and new URL "https://apim-xyz.com/api" is not able to validate the request. We have no control over the client.
We can control F5, redirect and server.
Any help would be greatly appreciated.
rts What is the function of https://abc.com? Are you sending the client to https://apim-xyz.com/api to handle part of the client request and then the client is back to use https://abc.com? I'm not all that familiar with Azure APIM so I'm not aware of it's function in the client request. In regards to the client certificate, is that used as an authentication method for Azure APIM or are you referring to the SSL cert that the client uses to connect to the website? If it's for client authentication I'm not sure how you could handle this without the F5 acting as the proxy between the client and Azure APIM since a redirect just hands the client off to the next URL.
- rtsNimbostratus
abc.com has no function. It is a legacy URL.
Client doesn't return back to abc.com, everything is handled in APIM.
Certificate is used for authentication. I am not too familiar with F5, so any light you can shed on the redirect would be helpful. Or any information on how to achieve authentication in this case.
rts If abc.com is legacy then you want to change your redirect to a 301 rather than a 307. Now in regards to client authentication, they would need a client certificate for both abc.com and apim-xyz.com in order for things to work after the redirect. Most likely the client certificate is for domain abc.com and since the destination is no longer abc.com they would need the one cert to cover both FQDNs or have two certs with each one having the name for the appropriate destination.
- Aswin_mkCumulonimbus
Hello,
1. are you facing any certificate issues while accessing the abc.com and after redirection?\
2. try directly https://apim-xyz.com/api and check getting any certificate issues.
Hope F5 having client SSL profile with SAN name "abc.com"
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com