Forum Discussion

ptate_72056
Jul 06, 2011

Client side SSL with client certificate handled elsewhere

Hi All,

We have a requirement to receive a request over SSL. The request will contain a client certificate. In our solution we will terminate the SSL request at BigIP as normal but we need the client certificate passed to the web server as the web server will be performing the authentication against the CA (long story).

In terms of configuration, can I terminate SSL using a normal client side SSL profile and ignore the certificate? Will it then be passed to the web server over http or will BigIP want to deal with it and I'll have to write an iRule to forward the certificate on?

Many thanks

Phill

1 Reply

  • Hi Phill,

    TMM can't use the client's cert in an HTTP (or even in an HTTPS) request to the server. HTTP doesn't support client certs. And TMM doesn't have the client's private key to do this via SSL.

    You can insert the entire cert base64 encoded or specific cert attributes in a custom HTTP header though. Here's one example:

    http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html

    Aaron
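
The approach described in the reply above, as an added example that is not part of the original reply or the linked wiki page: an iRule that forwards the client certificate base64-encoded in a custom HTTP header. The header name `X-Client-Cert` is an assumption, and the example assumes the client SSL profile is set to request a client certificate and that the certificate is available to `SSL::cert` when the request is processed.

```tcl
# Added example (not from the original thread or the linked wiki page).
# "X-Client-Cert" is a hypothetical header name chosen for illustration.
when HTTP_REQUEST {
    # Remove any copy of the header supplied by the client, so the web
    # server only ever sees a value that BIG-IP itself inserted.
    HTTP::header remove "X-Client-Cert"

    # SSL::cert count is 0 when no client certificate was presented.
    if { [SSL::cert count] > 0 } {
        # SSL::cert 0 is the client's own certificate (first in the chain).
        # Base64-encode its binary form so it is safe as a header value.
        HTTP::header insert "X-Client-Cert" [b64encode [SSL::cert 0]]
    }
}
```

The web server should accept this header only on connections coming from the BIG-IP, since the header alone is not proof that the client held the matching private key.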