Sencko_83194
Jan 25, 2013

Switch off Trusted CA Check for Client Cert Authentication

We have BIG-IP breaking SSL and redirecting the requests to a backend server. We want to support client cert authentication, but the Trusted CA check should not be done on the BIG-IP but on the backend system. The certificate chain of the client certificate and the client certificate itself are sent as an HTTP header to the backend server.

Is there a way to switch off this feature and just terminate the SSL and check whether the SSL peer is in possession of the private key, and leave the certificate trust logic to the backend?

If I put none as the trusted CA list, then the SSL handshake fails with a "ca not trusted" alert.

Best Regards,

Aleksandar

 

3 Replies

  • Is the Proxy SSL feature applicable?

    sol13385: Overview of Proxy SSL feature

    http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385
  • hoolio
    Can you change the cert mode to request on the client SSL profile?

    Aaron