
Shailesh_Shukla
Aug 09, 2016

2 way SSL implementation on F5 LTM

I am trying to accomplish the below by using 2-way SSL. I have two requirements.

1- All requests to https:///events should go to a pool on 443 with 2-way SSL authentication.
2- All other client requests, like https:///login and https:///, should go to another pool on 80, and when hitting https:///login and https:/// the browser should not ask for a certificate.

Can someone help me achieve this?

5 Replies

  • nathe

    Shailesh, the SSL connection (and hence the certificate exchange) will happen before the BIG-IP can view the HTTP payload, and this is before any redirection can take place. Also, mutual authentication will happen first too.

    Hope this helps,

    N

  • Please clarify the mentioned URLs. Is it https://events/, https://login/ and https://???/, or is it https://sitename/events/, https://sitename/login/ and https://sitename/* ? Furthermore, it's important to know if the 2-way handshake "can" be terminated on the F5 or if the 2-way handshake "must" be terminated on the backend website.

    Cheers, Kai

  • The URLs would be https://sitename/login/ and https://sitename/*, which should not ask for a certificate when I hit them from the browser.

  • Can you tell me how to achieve the below?

    https://sitename/login/ and https://sitename/* == should not ask for a certificate when I hit them in the browser, as I have a pool with port 80.

    https://sitename/events == should ask for a certificate, as I have a pool with port 443.

  • nathe

    If the hostname is the same, then SNI is not an option. My view is you can't achieve what you're after this way. Perhaps other DCers have other suggestions.
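To make nathe's two points concrete, here is an added example (written for this page, not code from the thread or from F5): it builds a minimal TLS 1.2 ClientHello, which is the only plaintext a load balancer sees before the handshake, including any client-certificate request, completes, and then makes a pool decision from it. The parser shows that the Server Name Indication (SNI) hostname is recoverable at that point, but nothing about the URL path (/events versus /login) is, so two requests to different paths on the same hostname are indistinguishable when the pool must be chosen. The pool names and hostnames (`sitename`, `events.sitename`) are constructed for the example and are not from the thread.

```python
import os
import struct

# Constructed routing table for the example: SNI hostname -> pool.
# Only a *different hostname* can select the mutual-TLS pool, because the
# path is never present in the ClientHello.
POOLS = {
    "sitename": "pool_http_80",               # plain backend, no client cert
    "events.sitename": "pool_https_443_mtls",  # backend requiring mutual TLS
}

def _sni_extension(server_name: str) -> bytes:
    """Encode the server_name extension (type 0x0000) for one host_name entry."""
    host = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0x0000, len(name_list)) + name_list

def build_client_hello(server_name: str, with_sni: bool = True) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input).

    Note what is NOT here: no HTTP method, no Host header, no URL path.
    Those only exist inside the encrypted application data after the handshake.
    """
    body = b"\x03\x03" + os.urandom(32)                    # client_version + random
    body += b"\x00"                                        # empty session id
    suites = b"\xc0\x2f\xc0\x30"                           # two AES-GCM cipher suites
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                    # one compression method: null
    if with_sni:
        ext = _sni_extension(server_name)
        body += struct.pack("!H", len(ext)) + ext          # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the SNI host_name from a ClientHello record, or None if absent."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                   # handshake header, version, random
    sid_len = hs[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2 + cs_len
    cm_len = hs[pos]; pos += 1 + cm_len
    if pos + 2 > len(hs):
        return None                                    # no extensions at all
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        data = hs[pos:pos + elen]; pos += elen
        if etype == 0x0000:                            # server_name extension
            lpos = 2                                   # skip server_name_list length
            while lpos + 3 <= len(data):
                ntype = data[lpos]
                nlen = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
                name = data[lpos + 3:lpos + 3 + nlen]
                lpos += 3 + nlen
                if ntype == 0:
                    return name.decode("ascii")
    return None

def choose_pool(record: bytes, default_pool: str = "pool_http_80") -> str:
    """Pick a pool using only what is visible before the handshake finishes."""
    return POOLS.get(extract_sni(record), default_pool)

if __name__ == "__main__":
    # A browser fetching https://sitename/events and https://sitename/login
    # sends the same ClientHello (apart from the random bytes); the path never
    # reaches the wire unencrypted, so the decision is identical for both.
    for path in ("/events", "/login", "/"):
        hello = build_client_hello("sitename")
        print(f"https://sitename{path:<8} -> SNI={extract_sni(hello)!r:<20} pool={choose_pool(hello)}")
    hello = build_client_hello("events.sitename")
    print(f"https://events.sitename/ -> SNI={extract_sni(hello)!r:<20} pool={choose_pool(hello)}")
```

The same constraint applies to asking for a client certificate: the BIG-IP's CertificateRequest is sent during this same handshake, so whether to require one can only be decided on ClientHello data such as the SNI hostname, which is why a separate hostname for the mutual-TLS service is the clean way to keep the browser from being prompted on the other URLs.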