Mutual Authentication over public internet
I'm having a little trouble finding configuration steps for mutual authentication over the public internet with a SaaS provider. See topology below.
(Inside Hosts) <--> F5 Serverssl <--> F5 Clientssl <--> Internet mutual authentication <--> (SaaS provider)
When building the clientssl profile, I understand that I use 'require' certificate for client authentication and select the CA which to authenticate against. Does the CA reference the certificate and key chosen above? I have my URL using "mutualauthenication.mycompanyname.org" and my cert is a *.mycompanyname.org. does the SaaS provider also have to have my cert and key on the other end for this to work? What I've read is, a cert on the SaaS server, the cert in the SSL profile need to be signed by the same Cert Authority?