Forum Discussion

Cirrus

Oct 28, 2022

Mutual TLS reference architecture

Hi F5 community, I’m looking for a mutual TLS (2-way TLS) reference architecture document showing flows from client via Big-IP LTM to server. I need to have defined external client connections auth...

application delivery

security

PSFletchTheTek

MVP

Oct 28, 2022

TLS is normally done by certificates.
So you'd need a cert on the VS and one on the client.
And you can then tell the server config to enforce the trust,

The normal issue here is managing and maintaining the certificate on the client's.

It can also be done between f5 and the web servers, as there internal and fixed that's normally a little easier!
Just make sure the certs are kept up to date otherwise they'll all die!
Normally worth renewing each certificate at last a week a part on each web server to try to manage that.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Mutual TLS reference architecture

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

Customer Edge Site High Availability for Application Delivery - Reference Architecture

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

Deploy the NGINX Modern Apps Reference Architecture locally

What is Mutual TLS (mTLS)?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS