from the above pictures, it seems that the client does not present a client certificate.
02-Apr-2023 23:51 - edited 02-Apr-2023 23:52
I try to test with physical ip(not f5) it work!!
When i change physical ip to vip(f5) it not work.
No not same.
vip(f5) it mean ip load balancer
physical ip it mean DNS name
You have to explain your setup, as it is not clear.
If you test different things, you get different results.
VIP usually is a virtual server with an IP address. A DNS name usually points to this IP address.
So, if I interpreted this correctly.
Your current scenario has a certain service that requires SSL client authentication and is working as intended.
You need F5 to proxy this traffic. Will it still forward traffic to "original" destination, or will it be a new service with a different fqdn? Also, do you plan on using F5 to offload the SSL from your original service, or do you still need encrypted comunication between f5 <> real server?
In your tests via F5, are you testing traffic "directly" with F5 IP or have you configured a "hosts file"/dns entry to point to F5?
This will help us understand better which profiles are required and what options you should enable 🙂
04-Apr-2023 09:58 - edited 04-Apr-2023 10:31
Yes, I still need encrypted comunication between f5 <> real server and I testing traffic "directly" with F5 IP.
How to config on F5 for send client certificate to destination server?
This my config
There's the option to do it with a HTTP header: https://my.f5.com/manage/s/article/K95338243
Or you can enable ProxySSL on both your client- and server- SSL profiles: https://my.f5.com/manage/s/article/K13385