Mutual authentication on an F5 Load Balancer

Posted on 2012-09-13
Last Modified: 2012-09-20
I have a requirement to implement mutual authentication between my platform and that of a third party.

In this instance I will be the server end and the third party will be the client. I have an F5 load balancer handling web traffic on my platform.

As his request comes to me I will need to validate his client certificate to confirm his identity. My question is, will the F5 process the client certificate details as the request passes through it, meaning that my back end doesn't receive the certificate details to validate them?

If it does, how do I configure the F5 to carry out the mutual authentication?

I am using a BIG-IP LTM1600 10.2.1 Build 297.0 Final
Question by:ccfcfc
    LVL 22

    Expert Comment

    Do you have the Advanced Client Authentication Module?
    LVL 60

    Accepted Solution

    You can configure a clientssl profile to request or require a client cert. Further, you will import the trusted CA and CRL. If there are intermediate CAs, you can check out the ca-bundle or chain option. See the "Client Authentication"

    Client certificate authentication uses the following sequence of events:

    1. The client requests an SSL connection
    2. The SSL server presents its SSL certificate, along with any configured chain certificate bundle, to the client
    3. The SSL client uses the CA certificates stored in its Trusted Device Certificate store, and the supplied certificate chain if necessary, to authenticate the server
    4. The SSL server requests a client certificate, advertising a list of preferred CAs if configured to do so
    5. The SSL client presents its SSL certificate
    6. The SSL server uses its configured trusted CA certificate bundle to authenticate the client

    Without ACA or APM, you pretty much only have CRLDP, SSL OCSP and SSL client cert LDAP, if I am not wrong. It can be rather basic, and I do suggest upgrading to the latest version 10.2.4 or even v11 and above.

    If needed, there is an iRule for a cert check based on the Subject name
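
An added sketch of a subject-name check like the one the answer mentions, for a virtual server whose clientssl profile requests or requires a client certificate. It is not the iRule the answer refers to and not F5's own code; the expected subject string and the log wording are constructed placeholders.

```tcl
when RULE_INIT {
    # Constructed placeholder: replace with the partner's exact subject string,
    # copied from the "accept" log line below for a known-good connection.
    set static::expected_subject "CN=partner.example.com,O=Example Partner,C=GB"
}

when CLIENTSSL_CLIENTCERT {
    # With the profile set to "request", the client may send no certificate.
    if { [SSL::cert count] == 0 } {
        log local0. "mTLS reject: no client certificate from [IP::client_addr]"
        reject
        return
    }

    # Result of validating the chain against the profile's trusted CA bundle
    # (0 means OK). With "require" the handshake is expected to fail earlier;
    # this check matters when the profile only requests a certificate.
    set vr [SSL::verify_result]
    if { $vr != 0 } {
        log local0. "mTLS reject: [X509::verify_cert_error_string $vr] from [IP::client_addr]"
        reject
        return
    }

    # A certificate from a trusted CA is not enough when that CA also issues
    # certificates to other parties, so compare the full subject exactly
    # rather than matching a substring of it.
    set subject [X509::subject [SSL::cert 0]]
    if { $subject ne $static::expected_subject } {
        log local0. "mTLS reject: unexpected subject '$subject' from [IP::client_addr]"
        reject
        return
    }
    log local0. "mTLS accept: '$subject' from [IP::client_addr]"
}
```

Attach the rule to the virtual server that carries the clientssl profile, and confirm the subject format your software version logs before pinning it.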
