Mutual TSL Between Two BigIPs

Question

Hello,&nbsp;I am trying to determine how Mutual TLS (mTLS) can be implemented between 2 Big IPs for API calls. The certificates will reside on the two BigIPs where the authentication will occur. The objective is to isolate the applications such that no changes are required to the applications or certs need to be loaded exchanged between the apps and the Big IP.&nbsp;&nbsp;Based a several AI searches, this is possible but haven't been able to find explicit documentation on if it is supported and how it can be implemented.Any help is appreciated.&nbsp;&nbsp;Client App --&gt; BigIP 1 -mTLS- Big IP 2 --&gt; Server App&nbsp;&nbsp;&nbsp;&nbsp;

mayur_sutare · Answer

Here, you need to configure SERVER-SSL profile on BigIP-1 to send required certificate to BigIP-2 to complete mTLS handshake. On BigIP-2 side, you will configure Client-SSL profile with mTLS configuration as usual.

Hope it helps!

Forum Discussion

Mutual TSL Between Two BigIPs

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Sending an HTTP request from iRule without delaying client requests

Route Domains HA & Traffic Groups

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

BGP Over 2 vlans to 2 Network switch

Related Content

What is Mutual TLS (mTLS)?

Re: BigIP Report

Verifying Slack Requests with Mutual TLS

BigIP Report Old

Upgrade F5 BIGIP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS