Forum Discussion
hooleylist
Apr 08, 2008Cirrostratus
Hello,
Are you wanting the client to present a cert on the client - VIP connection? Or do you want the BIG-IP to use the same client cert regardless of what the client includes in it's request?
If the former, you can use a client SSL profile with client cert set to request or require. You can use an iRule to parse the client cert and insert it into an HTTP header. You need to add an HTTP profile in order to insert an HTTP header using an iRule. The application would parse this HTTP header to determine whether the request is valid. There is an example of the iRule in the Codeshare (Click here). If you want to do validation of the client cert in a rule, you can start with this example (Click here).
If you want to have the BIG-IP use a single client cert in all requests made to the pool, you can configure this in a server SSL profile. For details on this, check the LTM configuration guide for your version on AskF5.com.
Aaron