Forum Discussion

yk1
Jun 18, 2019

How to hand client certificate to the server on Kubernetes cluster?

Hi. We attempt to distinguish every user from others by the client certificate's subject. Our BIG-IP is connecting to a Kubernetes cluster which uses Calico as its CNI. Now, BIG-IP receives requests on port 443 (HTTPS), and the servers receive them on port 80 (HTTP). But when we do it, the servers cannot get the client certificate's subject. I tried to apply iRules to the virtual server, but it's configured by f5-bigip-ctrl, and the iRules always disappeared. What should I do? Thanks!

2 Replies

  • Hi Yoko,

    Are you talking about production traffic? If the server-side connection is HTTP, there should be no client certificate sent over to your servers. I guess I didn't quite understand what you're trying to do?

    • yk1

      Rodrigo, thank you for your reply.

      I'm trying to get the subject of the client certificate (actually, our application server uses it for user authentication, and cannot recognize who is accessing it without the subject). I want only the subject, so it is not necessary to send the client certificate itself. The best solution is SSL passthrough (because all BIG-IP has to do is pass requests through, I think), but our BIG-IP somehow wouldn't do SSL passthrough, so I'm seeking another solution.