Options for Mutually Authenticated Connections using Certificates
Hello,
I'm attempting to change an existing VS configuration to accommodate some updated security requirements that have been passed down to our team.
The existing configuration is as follows:
A Virtual Service that is listening on an HTTPS port and is doing the SSL offloading for this service on the client side. The server side is unencrypted HTTP. There is also an iRule that has been applied that rewrites the URIs (5 static translations, e.g. /api/v2/xyz to /ABC/xyz, /api/v2/def to /ABC/def).
The new requirement is that the Client will be providing a client certificate that they want to validate. It must be that specific certificate as the communication is supposed to be just between a single client server owned by our partner and our server.
I looked into doing Client Certificate Authentication, but from what I can tell that will simply verify whether or not the certificate is valid, not that specific certificate's details.
I also don't want to do it using an iRule, because there's a chance that in the future there will be other clients using this connection, and the scalability of the iRule option seems low.
The client certificate validation can be done using Tomcat on the server on our side, so I think that the best option for this application would be to push the SSL termination down to the server so that they can do the client certificate authentication with Tomcat. I am wondering, though, whether or not this will work with the existing URI rewriting?
Not sure if that explanation made sense; we have had a bit of a moving target on this project, so the configuration has changed several times.
Thanks.