SSL Client Certificate question?

Question

I have searched ask f5 and here to find out if it ispossible to forward a client certificate to the backnd while still terminating SSL at the LTM box. Basicaly we have a soap application that is authenticating soap traffic on the backend via client certificates. We need to ecrypt and decrypt on the ltm to direct traffic to the appropriate backend, but we need to then pass the client certificate to the backend. I could not find anything in the clientssl or serverssl settings that specified this or anything in the documentation.

deb_allen_18 · Answer

&nbsp;There is no mechanism by which to directly forward the client's certificate via the standard authentication process, since using the client's cert to establish the session would require the LTM to use the client's private key as well. (A man-in-the-middle attack, basically)&nbsp;
&nbsp;You can instead use the session table to store the certificate &amp; send it to the server via headers, assuming your app can pick it up from there.  Here's an example from the iRules codeshare:
&nbsp;http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html&nbsp;Click here&nbsp;&nbsp;
&nbsp;HTH
&nbsp;/deb&nbsp;&nbsp;

Forum Discussion

SSL Client Certificate question?

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

some questions on device Trust Certificate?

SSL Client Certification Alert 46 Unknown CA

BIG-IQ Client Certificate (PKI) Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS