Forum Discussion
TLS Client Authentication from Server SSL Profile
Hi,
If you configure TLS Client Authentication on your backend server, you must disable SSL processing on the Virtual Server configured on the BIG-IP. TLS Client Authentication is not passed from clientside to serverside as F5 device doesn't have the private key of the user.
Alternatively, you can apply a valid certificate/key to the SSL Server profile to do client certificate authentication between the bigip device and the backend server. But it's only one certificate for all users.
Hi Yann
It is client authentication between the LTM and the target server we wish to do. We are not passing TLS from the real server to the target server via the LTM. There are two distinct TLS flows here:
Source internal server -> LTM (client SSL profile applied)
LTM -> target server on internet (server SSL profile applied)
The issue is the second flow. The LTM is sending the certificate to the target server as the target server is sending the Certificate Request message. However, it appears the LTM is not sending a Certificate Verify message which the target server is complaining about.
Thanks.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com