Forum Discussion
Lars_Terje_Vaal
Sep 25, 2007 (Nimbostratus)
Hi. I have the same problem.
I am trying to do the following.
1. client -> bigip : request website
2. bigip -> client : request client cert
3. client -> bigip : send client cert
4. bigip verify client_cert
5. bigip -> backend : forward request to backend
6. backend -> bigip/client : require client certificate.
7. bigip/client -> backend : send client cert.
All this works fine until step 6. But the backend webserver also requires a client certificate. Now the problem starts. If I understand correctly, this client cert request will not be routed back to the calling client computer, but be handled by BigIP. So somehow I need to manually do an SSL handshake with the backend server, where I forward the client certificate received by BigIP from the client.
One solution (which is working) is to pass the certificate into the HTTP header. But this is not an optimal solution, since it is a BizTalk solution at the backend which is receiving the call, and if the certificate is required by the IIS server, all information about the certificate will automatically be passed into the context of the BizTalk message. If the certificate is passed into the HTTP header, this must be done manually for each BizTalk solution.
Does anyone have any idea on how to write this handshake between bigip and the backend server in an iRule?
regards
Lars Terje
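
The header approach the post describes as working, written out as an added iRule example (not the poster's or F5's code). It assumes a client SSL profile that requests and verifies the client certificate; the header names `X-Client-Cert` and `X-Client-Cert-Subject` are assumptions. The point to note is that any client-supplied copy of the header is removed first, so the backend only ever sees a certificate that BIG-IP verified itself.

```tcl
# Added example: forward the verified client certificate to the backend
# in an HTTP header. Header names are assumptions, not from the post.
when HTTP_REQUEST {
    # Always drop copies of these headers sent by the client, so a caller
    # cannot inject a certificate that BIG-IP never verified.
    HTTP::header remove "X-Client-Cert"
    HTTP::header remove "X-Client-Cert-Subject"

    if { [SSL::cert count] > 0 } {
        # Index 0 is the client's own (leaf) certificate.
        set cert [SSL::cert 0]

        # Base64 keeps the encoded certificate on a single header line.
        HTTP::header insert "X-Client-Cert" [b64encode $cert]
        HTTP::header insert "X-Client-Cert-Subject" [X509::subject $cert]
    } else {
        # No verified certificate on this connection: refuse the request
        # instead of forwarding it unauthenticated.
        HTTP::respond 403 content "Client certificate required"
    }
}
```

The backend should accept these headers only on connections that come from the BIG-IP, since the header carries no proof of possession of the client's private key.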