Forum Discussion
hooleylist
Feb 01, 2012Cirrostratus
If you can't modify the web app to either disable the client cert requirement or parse the client cert from HTTP request headers, you could use try Proxy SSL. It's a feature added in 11.0 which allows the client and server to negotiate the SSL handshake directly. But once the handshake is complete, TMM can decrypt the SSL and inspect/modify/optimize the decrypted application traffic.
The upside is that you can handle mutual auth through LTM without modifying the client or app. The downside is that you're not offloading the SSL from the servers to LTM.
Implementing Proxy SSL on a Single BIG-IP System
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-1-0/15.html
Make sure to use 11.1 with the latest hotfix as there have been some recent fixes.
Aaron