Passthrough Clientcertificate from Client -> F5 -> Back-End-Server
Hello,
we've configured a Virtual Server with an attached HTTPS client and HTTPS server profile.
We would like to use Client Certificate Authentication between the User (Client) and our Back-End-Server (Node).
The problem is that the SSL connection terminates on the F5 system, so we are not able to pass the SSL client certificate information through to the Back-End-Server (Node).
Also the validity of the Client-Certificate should be checked on the F5. The CA-Certificate of the Client-Certificate should be placed on the F5 and only these Client-Certificates should be able to call the node. It should be possible to allow more than one ROOT-Certificate.
The SSL-Proxy Mode is not an option for us, because we can only use weak ciphers when the mode is active.
Is there a way to pass through the SSL Client Certificate to Back-End-Server? Maybe with an iRule?
Kind Regards
Winnie
- lorvain (Nimbostratus)
Hello guys,
Have the same problem as Winnie. But indeed we use ASM to protect the app on the backend server, so we need an HTTP profile. No way to be transparent on the client auth request if we use TLS?
- Surgeon (Ret. Employee)
Are you doing anything with HTTP data on the BIG-IP for that VIP? iRule, cache, compression, persistence based on any of the HTTP data, e.g. persistence? If not, then just remove all profiles except TCP and let SSL pass through.
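For the case raised in the question, where TLS must terminate on the BIG-IP and the certificate details still have to reach the node, a common approach is an iRule that copies the validated certificate into request headers. This is an added example, not code posted by anyone in the thread; it assumes the client SSL profile requires a client certificate and validates it against a trusted CA bundle (which may hold several root certificates), and the header names are hypothetical.

```tcl
# Added example, not from the thread.
# Assumes: client SSL profile requests/requires a client certificate and
# verifies it against the trusted CA bundle; an HTTP profile is attached.
# X-Client-Cert and X-Client-Cert-Subject are hypothetical header names.
when HTTP_REQUEST {
    # Strip any copies supplied by the client so the backend only ever
    # sees values written by the BIG-IP (prevents header spoofing).
    HTTP::header remove "X-Client-Cert"
    HTTP::header remove "X-Client-Cert-Subject"

    if { [SSL::cert count] > 0 } {
        # Leaf certificate presented by the client, in DER form
        set cert [SSL::cert 0]
        # Base64-encode the DER bytes so the value fits on one header line
        HTTP::header insert "X-Client-Cert" [b64encode $cert]
        HTTP::header insert "X-Client-Cert-Subject" [X509::subject $cert]
    } else {
        # No certificate on this TLS connection: do not forward the request
        HTTP::respond 403 content "Client certificate required"
    }
}
```

The node should accept these headers only on connections coming from the BIG-IP, since the header is a statement by the proxy and not a TLS proof the backend can verify itself.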