02-Apr-2023 20:48
02-Apr-2023 23:13
from the above pictures, it seems that the client does not present a client certificate.
https://my.f5.com/manage/s/article/K12140946
02-Apr-2023 23:51 - edited 02-Apr-2023 23:52
I try to test with physical ip(not f5) it work!!
When i change physical ip to vip(f5) it not work.
03-Apr-2023 00:54
No not same.
vip(f5) it mean ip load balancer
physical ip it mean DNS name
Thanks
03-Apr-2023 01:52
You have to explain your setup, as it is not clear.
If you test different things, you get different results.
VIP usually is a virtual server with an IP address. A DNS name usually points to this IP address.
03-Apr-2023 03:29
So, if I interpreted this correctly.
Your current scenario has a certain service that requires SSL client authentication and is working as intended.
You need F5 to proxy this traffic. Will it still forward traffic to "original" destination, or will it be a new service with a different fqdn? Also, do you plan on using F5 to offload the SSL from your original service, or do you still need encrypted comunication between f5 <> real server?
In your tests via F5, are you testing traffic "directly" with F5 IP or have you configured a "hosts file"/dns entry to point to F5?
This will help us understand better which profiles are required and what options you should enable 🙂
Regards
CA
04-Apr-2023 09:58 - edited 04-Apr-2023 10:31
Yes, I still need encrypted comunication between f5 <> real server and I testing traffic "directly" with F5 IP.
How to config on F5 for send client certificate to destination server?
This my config
Thanks
05-Apr-2023 05:12
There's the option to do it with a HTTP header: https://my.f5.com/manage/s/article/K95338243
Or you can enable ProxySSL on both your client- and server- SSL profiles: https://my.f5.com/manage/s/article/K13385