Forum Discussion
3 Replies
- AceDawg1Nimbostratus
Good afternoon,
Are you terminating SSL at the F5 for this VIP? If not, then inserting any HTTP parameters into the traffic stream will break the connection.
- AceDawg1Nimbostratus
If you are not terminating SSL at the F5, then any HTTP parameter will break the connection.
Refer to the following DevCentral article for details:
https://devcentral.f5.com/questions/http-profile-breaking-https-49615
- JGCumulonimbus
Terminating SSL on the F5 will not work, as some Microsoft/ADFS services use client-side certificates in their call backs, and F5 cannot pass these certificates via the conventional server-side SSL functionality.
There is the Client Certificate Constrained Delegation (C3D) in 13.1 (see Kevin's answer in https://devcentral.f5.com/questions/f5-httpd-and-mod-jk-and-tomcat-full-https-61690 ) that one can use, but one has to know all about the ADFS services before starting anything.
Additionally, all these client-side certificates are changed/replaced regularly, a bit of headache for operation.
Without SSL termination, the F5 HTTP functionality is just not available for use.