Sebas_82058
Jun 18, 2014 Nimbostratus
Two-way SSL authentication with self-signed client certificate
Hi, we're trying to implement a two-way SSL authentication against one of our virtual servers.
We have a certificate for our virtual server, which is signed by a CA and is working just as expected.
However, we don't want to let anyone connect to this virtual server unless we are presented with a client-side SSL certificate.
The challenge we're facing is that this client-side certificate is self-signed. So, when the client connects, the F5 cannot validate the certificate and our connection cannot be established.
Just to get some things out of the way:
- We only have the certificate and we cannot get the key for the client-side certificate.
- We cannot upload our CA certificate or key to the other side where the connections are coming from.
I would like to know:
- Is there any way to tell the F5 to trust this certificate? If so, how?
- I read, somewhere, that we can just set the mode to request and then add an iRule to validate the certificate. Is that possible?
I would appreciate any help on this matter.
Thanks