How to configure the LoadMaster to send a client certificate to the server
Information
| Summary: |
How to configure the LoadMaster to present a client certificate to the server. |
| Environment: |
Product: LoadMaster. Version: Any. Platform: Any. Application: HTTPS-based applications. |
| Question/Problem Description: |
How to configure the LoadMaster to send a client certificate to the server if this is required for a HTTPS application. |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | |
| Enhancement Number: | |
| Cause: | |
| Resolution: |
NOTE: The LoadMaster can only be configured to send a single client certificate to servers in a Virtual Service. If it is required that the LoadMaster handles multiple client certificates as enforced by the server, please configure the Virtual Service as a HTTPS passthrough instead which means disabling SSL Accelaration altogether as shown below: By default, the LoadMaster does not present any client certificate to a back-end server when establishing the connection (LoadMaster to server). However, if the server requires the LoadMaster to present a client certificate, this behavior can be changed by using Reencryption Usage (LoadMaster WUI > Certificates & Security > SSL Certificates). To configure a certificate to be sent to a server as a client certificate in a specific VS we'd need to do the following: 1. Locate the SSL certificate in the SSL certificates tab. 2. Click on Reencryption Usage. 3. Select the Virtual Service (which needs to be configured to Reencrypt the traffic) and use > button to move the IP address to the Assigned VSs box. 4. Save changes. Once these changes are made, navigate to the VIP > SSL properties and the client certificate will be populated next to Reencryption Client Certificate. |
| Workaround: | |
| Notes: |