Mutual Authentication

Historic F5 Account

Jan 18, 2017

Another option to consider, the TLS SNI feature was implemented for such a problem.

Server Name Indication From Wikipedia, the free encyclopedia Server Name Indication (SNI) is an extension to the TLS computer networking protocol[1] by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted,[2] so an eavesdropper can see which site is being requested

Implementing on the BIG-IP:

K13452: Configuring a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature

https://support.f5.com/csp/article/K13452

Kevin

Forum Discussion

Mutual Authentication

Recent Discussions

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

What is Mutual TLS (mTLS)?

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Selective mutual authentication by HTTP::Host

Verifying Slack Requests with Mutual TLS

Doing mTLS Authentication per URL