My environment is basically a web hosting datacenter, some web applications requires ssl authentication from clients attempting to connect with these services. The web server it self is the one doing this authentication.
I need to know how to configure the virtual server in order to pass the certeficate presented by the client to the web server it self ( or a work around of course that would fullfil the same purpose).
Currently, such applications' virtual servers are set as preformance (layer4), ie no inspection is done.
I think this has a relation with server ssl profile , which i dont quiet understand.Here are some work arounds i thought about:
1- I link my f5 to my active directory and let the f5 the one require the ssl certificate and authenticate the user.
2- There is a Virtual server type that i dont know about that can pass client certificate to the web server.
My current f5 version is 16.1.3 running as a virtual machine.
Hi @Gebo ,
F5 Bigip can do this , bigip IP can give the servers the upper hand to terminate ssl connections without intervensions by using the proxy ssl feature , look at this articles contain more details and steps to do that :
using proxy ssl leverages you :
I hope this helps you 🙂
HTTP profiles are not compatible with virtual servers that perform HTTPS passthrough like LAYER 4 performance VIPs , since the HTTP profile cannot see any of the HTTP headers or content inside the SSL encrypted packets passing through the virtual server.
Moreover, applying an HTTP profile to an HTTPS passthrough virtual server can actually break the virtual servers functionality, or impact the performance of the application hosted by the virtual server.
To perform a data inspection for encrypted (HTTPS) traffic, you must associate the Secure Sockets Layer (SSL) profile to a standard virtual server so that it can decrypt and re-encrypt the traffic passing through the virtual server.
F5 recommends that you use the HTTPS profile with a standard virtual server instead of a Layer 4 virtual server
When you assign an HTTP profile to a Layer 4 virtual server, you can use this combination only to gather statistics on HTTP data, as well as with some iRule commands that perform HTTP data read-only operations.
The following list describes the limitations of the HTTP profile when you use it with the Layer 4 virtual server:
Note: For more information, refer to K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors.