IMAP(s) with SSL Offloading with Client Certificate Authentication

Question

Hi,&nbsp;
I would like to know if it is possible to put in place a VS on the port 993 + SSL Client Profile with Require enable to force the email client to provide a client certificate.&nbsp;
When the client will be authenticate by the F5, I will forward the IMAP Connection to the backend on the port 143.&nbsp;
Do you know if it's working like that ?&nbsp;
Thanks a lot.
Morgan&nbsp;

youssef1 · Answer

Hi,
As you know IMAP is an application layer Internet Protocol using the underlying transport layer protocols to establish host-to-host communication services for applications. This allows the use of a remote mail server. The well-known port address for IMAP is 143.
So in fact IMAPS (IMAP over SSL) allows IMAP traffic travel over a secure socket to a secure port, typically TCP port 993.
Internet IMAP port 993 SSL &lt;&gt; F5 Load balancer + Cert auth &lt;&gt; Exchange port 143 
But I think that the problem will come from App client (messaging app) that can't negociate auth using a cert.
it's like the exchange client using OutlookAnywhere. cert auth was not possible in spite of the ssl / tls...
the best way is to test but I do not believe in this type of deployment
hope it's clear. regards,

Forum Discussion

IMAP(s) with SSL Offloading with Client Certificate Authentication

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Doing mTLS Authentication per URL

Re: Management Certificate