Forum Discussion

Nimbostratus

Jan 24, 2011

pass through client certificate irule

I am currenlty using the irule below for performing SSL passthrough on traffic. Is there any way I could midify this irule so that it only passed through SSL traffic that has a client certificate at...

Cirrostratus

Feb 08, 2011

If there is a client certificate attached re-encrypt the traffic with a server SSL profile and send through to the servers (with the original client certificate included)

This part isn't possible, as LTM doesn't have the private key for the client certificate. Typically in this scenario, people will use an iRule to insert details for the client cert that was presented on the clientside connection into an HTTP header for the server to parse and validate. This potentially requires changing the web app to parse the HTTP header(s) instead of the actual client cert.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

pass through client certificate irule

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

Re: Management Certificate

ASM vs to APM vs and client certificates

Client ssl certification bulk installation

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS