Kevin_Stewart
Aug 15, 2006

Help :: Passing a client cert to internal web server

To anyone,

We use BigIPs to proxy SSL traffic at our security perimeter. The external BigIP terminates the SSL stream, requires client certificates, and passes the unencrypted traffic through the layer 7 firewalls for inspection to the internal BigIP. The internal BigIP re-encrypts the traffic and sends it on to SSL-enabled web servers in our environment. We want to be able to pass a "client" certificate to the web server that is requiring (or accepting) client certs from the internal BigIP.

We know that the client certificate can be embedded in the HTTP header, but many of the applications that we host internally are off-the-shelf products that we cannot or do not have the resources to modify to use header information. It would be of greatest benefit to be able to inject the X.509 certificate back into the SSL data stream and to present to the internal web server the same certificate that the client presented to the external BigIP.

Thanks in advance.

Kevin Stewart