f5mkuDefault
Apr 08, 2021Cirrus
Solved
2 way ssl facing pool member
hi experts, just want to check, have anyone tried to enable 2 way ssl from which F5 is the client? We know enabling the 2 way on the client ssl profile, this method F5 is the one authenticatin...
- Apr 08, 2021
Hi TIA,
yes, this is possible. In my loadbalancing pool, I have two nginx servers with the following config:
# HTTPS virtual server server { listen 8443 ssl; server_name _; ssl_certificate /etc/ssl/certs/nginx.crt; ssl_certificate_key /etc/ssl/private/nginx.key; ssl_client_certificate /etc/ssl/certs/My_Domain_Issuing_CA.crt;
And in the Server SSL Profile I configured the following.
ltm profile server-ssl pr_serverssl_mtls { app-service none cert ffive01.mydomain.com defaults-from pr_serverssl key ffive01.mydomain.com }
The cert is issued by My_Domain_Issuing_CA. That's all it needs.
KR
Daniel