Forum Discussion

Steve_Lattray_5
Apr 19, 2011

Pass Client certificate

I would like to be able to pass a client certificate to the server untouched by the F5. I have multiple clients all using the same cert.
  • Hi Steve,

    If you don't add a client or server SSL profile to the VS, LTM will not decrypt the traffic and the pool members will see the original client cert. If you need to decrypt the clientside SSL, you cannot have LTM proxy the client's cert, as it doesn't have the client's SSL private key.

    You could have LTM do one or more of the following:

    - check the client cert against a root CA cert you import and configure in the client SSL profile
    - validate the client cert against an OCSP server, CRL, etc. using the Advanced Client Auth module
    - use its own client cert to establish a serverside SSL handshake with the pool members

    Aaron
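The two configurations Aaron contrasts, written out as tmsh commands. This is an added example, not part of Aaron's reply or any F5 documentation: the object names, the 192.0.2.x / 10.10.1.x addresses, and the certificate file names are made up, and the attribute names (ca-file, peer-cert-mode, context) are assumed from TMOS v11-era tmsh; confirm them with `help ltm profile client-ssl` on your own version before pasting.

```tmsh
# 1. Pass-through: no client-ssl or server-ssl profile on the virtual server.
#    LTM forwards the TLS bytes untouched, so each pool member runs its own
#    handshake and sees the original client certificate.
create ltm pool web_pool members add { 10.10.1.11:443 10.10.1.12:443 } monitor tcp
create ltm virtual vs_passthrough destination 192.0.2.10:443 ip-protocol tcp pool web_pool profiles add { tcp }

# 2. Terminate on LTM and verify the client cert against an imported root CA.
#    root_ca.crt (assumed name) must already be in the SSL certificate store;
#    peer-cert-mode require drops handshakes whose cert does not chain to it.
create ltm profile client-ssl clientssl_mtls defaults-from clientssl cert default.crt key default.key ca-file root_ca.crt peer-cert-mode require

# 3. Re-encrypt to the pool members with LTM's own client cert and key
#    (ltm_client.crt / ltm_client.key, assumed names). Once LTM terminates the
#    clientside TLS it cannot present the user's cert to the pool, because it
#    does not hold the user's private key; the pool sees this cert instead.
create ltm profile server-ssl serverssl_ltmcert defaults-from serverssl cert ltm_client.crt key ltm_client.key

create ltm virtual vs_terminate destination 192.0.2.11:443 ip-protocol tcp pool web_pool profiles add { tcp http clientssl_mtls { context clientside } serverssl_ltmcert { context serverside } }

# Check which SSL profiles ended up on each VS: vs_passthrough should list
# only tcp, vs_terminate the clientside and serverside SSL profiles.
list ltm virtual vs_passthrough profiles
list ltm virtual vs_terminate profiles
save sys config
```

Pick one model per virtual server: the pass-through VS in step 1 keeps the client cert visible to the pool but rules out any L7 processing on LTM, while the terminating VS in steps 2 and 3 lets LTM enforce the CA check but means the pool members only ever see LTM's own cert.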