Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

BIG-IP Forward Client Cert To Node

AceHunter1965
Altostratus
Altostratus

‎15-Dec-2021 12:27

Hey all,

 

At our company, we have a BIG-IP cluster bridging two networks, with servers / client on both sides (we also have the AWAF module which goes over HTTP requests).

 

Some of our websites require mutual TLS, but the thing is we have a lot of client certificates, and can't load all of them into BIG-IP.

Is there a way to forward the client certificate to the server? We need the certificates to be presented during the handshake and not sent as a header.

 

Thanks!

Labels:
0 Kudos
2 REPLIES 2

AceHunter1965
Altostratus
Altostratus

‎15-Dec-2021 12:31

An important note - We use a single virtual server since all requests go through the same port and into the same IP

0 Kudos

Amine_Kadimi
MVP
MVP

‎15-Dec-2021 12:56

Proxy SSL is the answer. check this for more information:

 

https://support.f5.com/csp/article/K13385

https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-system-ssl-administration/implementing-proxy-ssl-on-a-single-big-ip-system.html

0 Kudos
Copyright © 2023 Khoros, LLC