We've configured a Virtual Server with an attached HTTPS client and HTTPS server profile.
We would like to use Client Certificate Authentication between the User (Client) and our Back-End-Server (Node).
The problem is that the SSL connection terminates on the F5 System.
So we are not able to pass through the SSL Client Certificate Information to the Back-End-Server (Node).
Also the validity of the Client-Certificate should be checked on the F5.
The CA-Certificate of the Client-Certificate should be placed on the F5 and only these Client-Certificates should be able to call the node.
It should be possible to allow more than one ROOT-Certificate.
The SSL-Proxy Mode is no option for us, because we can only use weak ciphers when the Mode is active.
Is there a way to pass through the SSL Client Certificate to the Back-End-Server? Maybe with an iRule?
Are you doing anything with HTTP data on the BIG-IP for that VIP? iRule, cache, compression, persistence based on any HTTP data, e.g. persistence?
If not, then just remove all profiles except TCP and let SSL pass through.