Forum Discussion

WaterlooSysAdmi's avatar
Feb 18, 2020

Big-IP - maTLS

Hello,

 

We're currently setting up an API on a Microsoft Service Fabric cluster(see below). Third party banking clients will be sending requests to the API with their own client certificate(which are subject to change time to time) and we need to pass the cert down to the cluster for mutual TLS authentication. Does anyone know how we might do this? Currently getting a 403 permission denied. If we take the Big-IP out of the loop and directly hit the cluster it works.

 

Third party bank request(unique client certificate) > https://test-api.abc.com > Bip-IP VS(443(*.abc.com)) > Big-IP Pool > SF Cluster:8400

 

 

Thank you,

 

1 Reply

  • Hello, I think you need to configure the VIP with the ssl proxy functionality. https://support.f5.com/csp/article/K13385 I hope it helps.