For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_Brown_882's avatar
Steve_Brown_882
Historic F5 Account
Mar 31, 2008

SSL Client Certificate question?

I have searched ask f5 and here to find out if it ispossible to forward a client certificate to the backnd while still terminating SSL at the LTM box. Basicaly we have a soap application that is authe...
config
design
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Mar 31, 2008

 

There is no mechanism by which to directly forward the client's certificate via the standard authentication process, since using the client's cert to establish the session would require the LTM to use the client's private key as well. (A man-in-the-middle attack, basically)

 

 

You can instead use the session table to store the certificate & send it to the server via headers, assuming your app can pick it up from there. Here's an example from the iRules codeshare:

 

http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html

 

Click here

 

 

 

HTH

 

/deb