BigIP User SSL Authentication
Hi Guys,

Let's start with the setup:

1 Domain Controller (also acting as CA)
2 IIS servers
1 BigIP
1 Windows PC
I want to use SSL to authenticate the user using the Windows PC. I set up an IIS site => using a domain certificate. I create a certificate for the user. I test the setup connecting the user PC directly to the IIS servers. The user loads the website. He is presented with a certificate choice popup. He chooses the certificate and logs on to the site successfully.

Now comes in the BigIP :-) I set up an HTTPS VS with a client and server SSL profile. BigIP version 10.x. The user loads the site and gets 403 - Forbidden: Access is denied.

I understand I'm getting this because the website is configured to require the user certificate but it is not getting the user certificate. The VS is a standard SSL HTTPS VS using a client and a server SSL profile. So the BigIP is doing a decryption/encryption operation and presenting the server SSL profile to the IIS server just to encrypt the traffic and not to authenticate the user.

I can make it work only if I use the VS type Performance (HTTP), which is a passthrough type, so the client PC is talking directly to the IIS server and presenting the user certificate to the IIS server. I also understand that there are authentication modules which can make this work.

So my questions:

1. Am I missing anything?
2. Am I right in thinking the only way to make this work without any authentication module is to create a Performance (HTTP) VS?

Thanks for your time.