F5 LTM Reverse Proxy configuration for CarbonBlack Sensors

Greetings Folks,

 

I'm attempting to configure an instance of an F5 LTM to function as a reverse proxy for CarbonBlack (Cb) Sensors attempting to communicate with Cb servers in our corporate network. According to Cb documentation I need to import the server certificate and key, and implement an iRule to append the cert serial number to the header. I am using both a Client and Server SSL Profile in the Virtual Server configuration. The Server SSL Profile is configured to use the serverssl profile, and the Client SSL Profile is configured to use a Custom Profile using clientssl as the parent profile. I also specify (within the client SSL profile) the Key, Cert, and CA to use, provided to me by the Cb Server for use in client authentication between the Cb Sensor and the F5 Virtual Server.

 

I am having problems establishing a successful check-in with the Cb server and I receive an HTTP 403 error in the Cb access logs and a MissingClientCertException in the Cb debug log with each attempt to check in. I suspect I have a misconfigured Server SSL in the F5 Virtual Server that is preventing a successful renegotiation with Cb Server in the corp network. I'm not entirely sure where to begin looking at this, but does anyone have any experience configuring Cb Sensors through F5 LTM Reverse Proxies or can refer me to some documentation?

 

Thanks.