Passthrough Clientcertificate from Client -> F5 -> Back-End-Server

Winnie_363941
Nimbostratus

Hello,

We've configured a Virtual Server with an attached HTTPS client and HTTPS server profile.

We would like to use Client Certificate Authentication between the User (Client) and our Back-End-Server (Node).

The problem is that the SSL connection terminates on the F5 System, so we are not able to pass through the SSL Client Certificate Information to the Back-End-Server (Node).

Also, the validity of the Client-Certificate should be checked on the F5. The CA-Certificate of the Client-Certificate should be placed on the F5 and only these Client-Certificates should be able to call the node. It should be possible to allow more than one ROOT-Certificate.

The SSL-Proxy Mode is not an option for us, because we can only use weak ciphers when the Mode is active.

Is there a way to pass through the SSL Client Certificate to the Back-End-Server? Maybe with an iRule?

Kind Regards

Winnie

2 REPLIES

Surgeon
Legacy Employee

Are you doing anything with HTTP data on the BIG-IP for that VIP? iRule, cache, compression, persistence based on any of the HTTP data, e.g. persistence? If not, then just remove all profiles except TCP and let SSL pass through.

lorvain
Nimbostratus

Hello guys,

I have the same problem as Winnie. But indeed we use ASM to protect the app on the backend server, so we need an HTTP profile. Is there no way to be transparent on the client auth request if we use TLS?