Forum Discussion
mikeshimkus_111
Sep 09, 2015Historic F5 Account
If you want the client cert to be presented at the CAS, I think your options are:
-
Set up a separate VIP for ActiveSync that doesn't terminate SSL (aka passthrough).
-
Use ProxySSL: https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html.
If you have APM, you could:
- Use APM on-demand cert auth, collect the domain name from the user's UPN in the cert, stuff that into a Kerberos SSO request, and auth to the CAS using KCD (the iApp does something similar when deploying APM with smart card auth for OWA).
- NathMar 19, 2016CirrostratusThis is my problem right now! I tried to configured chain cert and bundle cert but still no luck! Is there any way to use the ActiveSync that f5 will terminate and re-encrypt the traffic up to the CAS server?