Cory_50405 (Noctilucent)
Aug 13, 2012
SSL certificate authentication
We have a customer with a requirement to enable SSL certificate-based authentication to their web server. They have only one certificate that they would like to be able to authenticate with. We also must terminate their SSL session, inspect (ASM), re-encrypt and pass along to the destination web server. Here's my proposed setup:
- Create an SSL client profile with the web server certificate for SSL termination; require client certificate authentication based on a trusted certificate authority that I create, which will include the certificate that the client will present for authentication
- Create an SSL server profile with the web server certificate for SSL re-encryption, no authentication
Any authentication gurus out there know if this will work, or if it needs to/should be done a different way?
There's also another possible sticking point, which is passing the client certificate back to the destination web server. Is this a possibility?
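
Added example, not part of the original post and not BIG-IP configuration: a trusted-CA check accepts every certificate that chains to that CA, so restricting access to a single certificate needs either a CA that signs nothing else or an extra pin on that certificate. The script below shows both checks with the `openssl` CLI on a workstation; every name, subject and path in it is constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: all CA names, subjects and files are made up for illustration.
set -eu
WORK=$(mktemp -d)

# make_ca NAME: create a self-signed CA certificate and key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME: create client certificate NAME signed by CA.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# chain_ok BUNDLE CERT: the check a "require client certificate" setting performs.
chain_ok() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# fingerprint CERT: SHA-256 fingerprint of the certificate, used as the pin.
fingerprint() {
  openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

# allowed BUNDLE CERT PIN: chain must validate AND the fingerprint must match.
allowed() {
  chain_ok "$1" "$2" && [ "$(fingerprint "$2")" = "$3" ]
}

make_ca customer-ca
make_ca other-ca
issue customer-ca approved-client   # the one certificate meant to get in
issue customer-ca second-client     # same CA, not meant to get in
issue other-ca foreign-client       # unrelated CA
PIN=$(fingerprint approved-client)

for c in approved-client second-client foreign-client; do
  chain_ok customer-ca "$c" && chain=yes || chain=no
  allowed customer-ca "$c" "$PIN" && pin=yes || pin=no
  echo "$c chain_valid=$chain allowed_with_pin=$pin"
done
```

`second-client` passes the chain check but fails the pin, which is the gap to close when only one certificate may authenticate.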