Forum Discussion
Mike_Maher
Feb 01, 2012Nimbostratus
Mike,
So basically you want to be able to pass a certificate from a client through the LTM to one of the servers on the back side is what I am hearing.
You are going to need to use an iRule for this and put the information into the Header for the server to read. I am doing something like this with one of our applications that runs through an ASM. Your issue is that the connection is proxied and the client certificate is not being passed from the client side of the connection to the server side of the connection.
One other thing you could do is just do the client cert auth on the LTM itself through the Client SSL profile. Again you will need an iRule if you want to check for certain CNs but it is a pretty simple iRule I am also using this logic for a couple applications I run. See reference below.
http://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx