Forum Discussion
Philip_Lee_6609
Nimbostratus
NimbostratusSSL cilent certificate authentication
We have a web application (BigIP LTM -> iplanet web servers -> websphere application server).
The web application requires client certificate authentication and HTTPS.
We want to terminate the SSL in the BigIP and would like to do the client certificate authentication in the web server. Is this possible? So far, i can't get it to work.
The other option is to turn on client certificate authentication in the BigIP and pass the client certificate to the web server. Of course, the client certificate authentication is turned on in the web server.
I have tried to turn off client certificate authentication in the web server and turn on client certificate authentication in the bigip ltm and use irule to pass the client certificate in base64 format but that doesn't work..
any other options??
14 Replies
zaferHow can i do with SSL termination
i found some irule for incerting to header but it didnt solve my problem
regards
zafer- zaferHow can i do with SSL termination
i found some irule for incerting to header but it didnt solve my problem
regards
zafer 
hoolioCirrostratus
Hi Zafer,
Can you elaborate on what you're trying to accomplish, what you've tried and what is not working?
You can use the client SSL profile's option for client cert to change how LTM handles client certs for a VIP. To require a client cert for all requests, set the client cert mode to require. Clients who make requests without a valid client cert will receive a TCP reset. If you want to handle this more gracefully, you can set the mode to request and then use SSL::verify_result (Click here) to check the validity of the cert. You could then send an HTTP response to clients who do not present a valid cert.
Aaron- zafersorry for multiple message its browser bug
Aaron i send new post
regards
zafer
