Sencko_83194
Jan 25, 2013Nimbostratus
Switch off Trusted CA Check for Client Cert Authentication
We have BigIp breaking SSL and redirecting the requests to a backend server. We want to support client cert authentication, but the Trusted CA check should not be done on the BigIp but on the backend system. The certificate chain of the client certificate and the client certificate is sent as HTTP header to the backend server.
Is there a way to switch off this feature and just terminate the ssl and check whenever the ssl peer is in possesion of the private key and leave the certificate trust logic to the backend?
If I put none as trusted CA list then SSL handshake fails with ca not trusted alert.
Best Regards,
Aleksandar