Forum Discussion

igorzhuk's avatar
igorzhuk
Icon for Altostratus rankAltostratus
Oct 10, 2018

F5 With explicit proxy

Hi, How I can configure explicit proxy my client go to the application in the outside, the application has a client certificate request I need that f5 send certificate websites

 

Do I need add in server side the certificate that website is trust? (this is in server side because the server side is outside application

 

1 Reply

  • So just to be clear,

     

    • Explicit forward proxy is different that SSL Forward Proxy. An explicit forward proxy is simply a forward proxy that the client knows about and has to talk to directly to reach external resources. By itself, an explicit forward proxy does not decrypt TLS traffic. An SSL Forward Proxy is designed specifically to decrypt outbound TLS traffic by forging the server certificate to the local client.
    • You CANNOT perform SSL Forward Proxy (decrypt and re-encrypt) on traffic that requires a client certificate. You may technically be able to statically define a certificate and key in the SSL Forward Proxy server SSL profile, but then this one certificate would be used for all server-side client cert TLS handshakes.