Forum Discussion
mikeshimkus_111
Historic F5 Account
If you want the client cert to be presented at the CAS, I think your options are:
-
Set up a separate VIP for ActiveSync that doesn't terminate SSL (aka passthrough).
-
Use ProxySSL: https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html.
If you have APM, you could:
- Use APM on-demand cert auth, collect the domain name from the user's UPN in the cert, stuff that into a Kerberos SSO request, and auth to the CAS using KCD (the iApp does something similar when deploying APM with smart card auth for OWA).
Nath
Mar 19, 2016Cirrostratus
This is my problem right now! I tried to configured chain cert and bundle cert but still no luck!
Is there any way to use the ActiveSync that f5 will terminate and re-encrypt the traffic up to the CAS server?