Forum Discussion

Historic F5 Account

Mar 31, 2008

SSL Client Certificate question?

I have searched ask f5 and here to find out if it ispossible to forward a client certificate to the backnd while still terminating SSL at the LTM box. Basicaly we have a soap application that is authe...

config

design

Deb_Allen_18

Historic F5 Account

Mar 31, 2008

There is no mechanism by which to directly forward the client's certificate via the standard authentication process, since using the client's cert to establish the session would require the LTM to use the client's private key as well. (A man-in-the-middle attack, basically)

You can instead use the session table to store the certificate & send it to the server via headers, assuming your app can pick it up from there. Here's an example from the iRules codeshare:

http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html

Click here

HTH

/deb

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)