F5 message level encryption
Hey everyone,
Budding F5 admin here. We've had our new BigIP devices in production now for about 5 months and so far have had pretty typical LTM setups.
I'm attempting to replicate the configuration of an IIS setup on the F5. We currently have a web server with IIS that has a certificate binding to 443 for client SSL. I've set this up on the F5 as a client SSL profile to handle SSL on the F5.
They are also using Message Level Encryption. This server has another certificate on it that's just being stored as a Trusted Root Authority on the server.
The requests coming into this server contain, at the message level, a private cert signature. If the server has the right public chain it will talk back to the client. After that is some authentication stuff that happens.
I've set up a virtual server on the F5 as basically a reverse proxy to allow external users to connect without exposing the server itself to our DMZ. On the F5 I have a client SSL profile with our wildcard cert on it to handle the 443 connection to the server, and on the backend I'm using the generic SSL server profile to talk to the backend server over 443.
The VIP works fine until they attempt to send one of these message level encrypted requests. It isn't able to identify the 2nd cert.
So I'm attempting to understand how I can introduce this other certificate to the client so that the virtual server responds back that it has the public chain it's looking for. Does anyone have any pointers or assistance you can throw in my direction?