Forum Discussion

Silicon_84874's avatar
Silicon_84874
Icon for Nimbostratus rankNimbostratus
Jan 25, 2012

SSL Authentication by server side

Hi All,

 

 

I'm looking to implement an SSL re-encryption but need to have the real server perform the SSL authentication checks. I know the F5 can perform this check via an iRule, but security policy mandates that no one should be able to query the real server directly. Can someone please point me in the right direction?

 

 

I'm currently on v10.x code. I've been told that v11 offers "proxy SSL"?

 

 

I'd appreciate any suggestions.

 

  • Hi Silicon,

     

     

    In 11.0, we added support for Proxy SSL where you configure the server SSL cert(s)/key(s) in server ssl profile(s) and enable Proxy SSL on a client and the server SSL profiles. TMM then goes into a pass through mode for the SSL handshake so the server receives the actual client cert when it's requested. After the initial handshake, TMM is able to decrypt the bulk crypto and access the decrypted content for use with LTM, iRules, WAM, WOM, etc. Make sure to use the most current 11.x code and latest hotfix as there have been a couple of recent fixes with this feature.

     

     

    Aaron
  • Thanks Aaron, I'll go down the most current v11 code +HF.

     

     

    Regards,

     

    Silicon