Hi, I have a new requirement wherein clients would use client certificates which would be validated by server. Currently, server side is https and client side is http. I have a query - Can client side be http for client certificate authentication?Do i need to do any change in client side authentication (like proxy ssl)? Clients would use symantec certificates for validation and client side certificate is digicert

Configure a secondary external listener for port 443. Whether you also bring SSL termination to BigIP or not is up to you to decide. You can make SSL-MA work with SSL-passthrough and SSL-terminate setups. What you asked for is not possible. I don't see how SSL-MA over a non-SSL client-side connection can work under any circumstances.

Forum Discussion

Nuruddin_Ahmed_

Cirrostratus

Jul 17, 2016

Proxy SSL - Server Side HTTP

Hi,

I have a new requirement wherein clients would use client certificates which would be validated by server. Currently, server side is https and client side is http. I have a query -

Can client side be http for client certificate authentication?
Do i need to do any change in client side authentication (like proxy ssl)? Clients would use symantec certificates for validation and client side certificate is digicert

application delivery

LTM

1 Reply

Hannes_Rapp
Nimbostratus
Jul 17, 2016
Configure a secondary external listener for port 443. Whether you also bring SSL termination to BigIP or not is up to you to decide. You can make SSL-MA work with SSL-passthrough and SSL-terminate setups.

What you asked for is not possible. I don't see how SSL-MA over a non-SSL client-side connection can work under any circumstances.