cancel
Showing results for 
Search instead for 
Did you mean: 

Passing Client certificate to pool members for authentication

RobertB
Nimbostratus
Nimbostratus

We are running LTM version BIG-IP 15.1.0.5 Build 0.42.8 Engineering Hotfix. We have a F5 virtual server configured with a client and server SSL profiles for termination and re-encryption. We have a request that the user of this virtual server wants to pass a client certificate for authentication. We want to pass the certificate via headers to the pool member servers vs controlling authentication on the F5. The backend application will process the certificate for authentication. I tried to create iRules to add the header but so far no luck.

I have tried something like:

 

when HTTP_REQUEST {

  HTTP::header insert X-Client-Cert [b64encode [SSL::cert 0]]

}

 

I have viewed other KBs with no luck, any help would be appreciated.

1 REPLY 1

I think you need C3D here, the bigip creates a copy of the client certificate and passes to the backend server.

This is simple step, follow this KB - ​https://support.f5.com/csp/article/K14065425