cancel
Showing results for 
Search instead for 
Did you mean: 

Big-IP - maTLS

Hello,

 

We're currently setting up an API on a Microsoft Service Fabric cluster(see below). Third party banking clients will be sending requests to the API with their own client certificate(which are subject to change time to time) and we need to pass the cert down to the cluster for mutual TLS authentication. Does anyone know how we might do this? Currently getting a 403 permission denied. If we take the Big-IP out of the loop and directly hit the cluster it works.

 

Third party bank request(unique client certificate) > https://test-api.abc.com > Bip-IP VS(443(*.abc.com)) > Big-IP Pool > SF Cluster:8400

 

 

Thank you,

 

1 REPLY 1

Angelo_V
Cirrus
Cirrus

Hello, I think you need to configure the VIP with the ssl proxy functionality. https://support.f5.com/csp/article/K13385 I hope it helps.