Way to pass client cert through vip to the servers.

Question

I've got a customer with a vip set up. This vip has SSL Offloading enabled with a client and serverssl profile enabled on it. He want to have it so his client cert is passed through the vip so that it reaches his servers. He also doesn't want to disable SSL offloading as this causes other problems. Is there an irule that can do this? Or possibly some other way? He wants the ca certs and key to be passed as well, in addition to the main cert.

andrew-f5 · Answer

Hi atoth,&nbsp;It sounds like you're describing our SSL proxy feature noted here, https://support.f5.com/csp/article/K13385?sr=33588210. &nbsp;Can you review that document and see if it matches your needs?&nbsp;Best,Andrew

jaikumar_f5 · Answer

In default scenarios, the serverssl profile which we create does not have the cert in it. The default property is none. So basically the backend server does not perform any authentication for the LTM.

In certain cases, the backend server would require authentication, so we are required to put a cert on the server ssl profile.

In your case, since the flow is like a proxy, you can get the client certificate and put it on the server ssl profile.

So when the connections flows, this client cert will be provided by LTM to the backend servers.

atoth · Answer

SSL proxy may have worked, but at the moment, it seems like the customer will be going with just having SSL offloading removed.

Forum Discussion

Way to pass client cert through vip to the servers.

3 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

iRule Event Order - HTTPS/SSL - Client & Server Side

Server Side SSL profile not match with Client side SSL profile?

About client profile (apm-forwarding-client-tcp)

Different port from client to F5 as from F5 to server

HTTPS communication and client and server ssl profile