For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Philip_Lee_6609's avatar
Philip_Lee_6609
Icon for Nimbostratus rankNimbostratus
Sep 21, 2007

SSL cilent certificate authentication

We have a web application (BigIP LTM -> iplanet web servers -> websphere application server).     The web application requires client certificate authentication and HTTPS.     We want to t...
application delivery
dev
devops
iRules
Kirk_Bauer_1018's avatar
Kirk_Bauer_1018
Icon for Altostratus rankAltostratus
Sep 25, 2007
The BIG-IP can not possibly utilize the real client's certificate for the server-side connection because it does not have the key associated with that certificate as the client does not share that information. If you need the server to see the real client's certificate then you will not be able to terminate SSL on the BIG-IP. You can just pass it through untouched so the client and server can talk directly to each other.... the BIG-IP can still do load balancing, but no layer 7 functionality.