Client Authentication Certificate APM

Question

Hi,
I want to use APM for bypassing the SSL negotiations to pass to server but clients should see the server side certificate of F5 (this is not possible via proxy ssl feature). I am looking for client authentication certificates to be validated by backend server and not by F5.
is it possible to use APM for such configuration?&nbsp;

boneyard · Answer

so correct me if im wrong, you want the certificate on the F5 to be shown to the client and the client certificate passes to the pool member? that isn't possible, SSL offloading means the client certificate is lost there. you can pass it in header or such, but not the actual certificate as part of the SSL information.&nbsp;
if you need the client certificate at the poolmember isn't tcp load balancing an option, you do miss the ssl offloading then of course.&nbsp;

Forum Discussion

Client Authentication Certificate APM

1 Reply

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

BIG-IQ Client Certificate (PKI) Authentication

APM Clientless certificate authentication

Re: Management Certificate

Distributed caching of authentication requests with NGINX Ingress Controller

Client-Certificate and IP-Whitelisting via Policy or iRule?