How to configure the LoadMaster to send a client certificate to the server
How to configure the LoadMaster to present a client certificate to the server.
Application: HTTPS-based applications.
How to configure the LoadMaster to send a client certificate to the server if this is required for a HTTPS application.
|Steps to Reproduce:|
NOTE: The LoadMaster can only be configured to send a single client certificate to servers in a Virtual Service. If it is required that the LoadMaster handles multiple client certificates as enforced by the server, please configure the Virtual Service as a HTTPS passthrough instead which means disabling SSL Accelaration altogether as shown below:
By default, the LoadMaster does not present any client certificate to a back-end server when establishing the connection (LoadMaster to server). However, if the server requires the LoadMaster to present a client certificate, this behavior can be changed by using Reencryption Usage (LoadMaster WUI > Certificates & Security > SSL Certificates).
To configure a certificate to be sent to a server as a client certificate in a specific VS we'd need to do the following:
1. Locate the SSL certificate in the SSL certificates tab.
2. Click on Reencryption Usage.
3. Select the Virtual Service (which needs to be configured to Reencrypt the traffic) and use > button to move the IP address to the Assigned VSs box.
4. Save changes.
Once these changes are made, navigate to the VIP > SSL properties and the client certificate will be populated next to Reencryption Client Certificate.