Forum Discussion
Steve_Lattray_5
Apr 19, 2011 · Nimbostratus
Pass Client certificate
I would like to be able to pass a client certificate to the server untouched by the F5. I have multiple clients all using the same cert.
hooleylist
Apr 19, 2011 · Cirrostratus
Hi Steve,
If you don't add a client or server SSL profile to the VS, LTM will not decrypt the traffic and the pool members will see the original client cert. If you need to decrypt the clientside SSL, you cannot have LTM proxy the client's cert as it doesn't have the client's SSL private key.
You could have LTM do one or more of the following:
- check the client cert against a root CA cert you import and configure in the client SSL profile
- validate the client cert against an OCSP server, CRL, etc., using the Advanced Client Auth module
- use its own client cert to establish a serverside SSL handshake with the pool members
Aaron
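
The two setups described in the reply above, sketched in bigip.conf (tmsh) syntax as an added example; it is not from the original thread or from F5 documentation. All object names, addresses and certificate file names are assumed placeholders, and option names should be checked against the TMOS version in use.

```conf
# Option A: passthrough. No client or server SSL profile on the virtual
# server, so LTM never decrypts and the pool members complete the TLS
# handshake with the client and see the original client certificate.
ltm virtual vs_https_passthrough {
    destination 192.0.2.10:443
    ip-protocol tcp
    pool pool_https
    profiles {
        fastL4 { }
    }
}

# Option B: LTM decrypts. The client's certificate cannot be replayed to
# the pool (LTM lacks the client's private key), so LTM validates it on
# the client side and presents its own certificate on the server side.
ltm profile client-ssl clientssl_require_cert {
    defaults-from clientssl
    # Root CA imported onto LTM, used to verify the client certificate
    ca-file root_ca.crt
    # Fail the handshake if no valid client certificate is presented
    peer-cert-mode require
    authenticate always
}

ltm profile server-ssl serverssl_ltm_cert {
    defaults-from serverssl
    # LTM's own client certificate and key for the serverside handshake
    cert ltm_client.crt
    key ltm_client.key
}

ltm virtual vs_https_terminated {
    destination 192.0.2.11:443
    ip-protocol tcp
    pool pool_https
    profiles {
        tcp { }
        clientssl_require_cert { context clientside }
        serverssl_ltm_cert { context serverside }
    }
}
```

With option B the pool members authenticate LTM rather than the end client, so any per-client authorization on the servers has to rely on what LTM validated.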