Mutual TLS (mTLS) configuration on a Virtual Service

Information

Summary:
This article outlines how to configure Mutual TLS (mTLS) on a LoadMaster Virtual Service.

Environment:
Product: LoadMaster
Version: Any
Platform: Any
Application: HTTPS Applications

Question/Problem Description:
How to configure Mutual TLS (mTLS) on a LoadMaster Virtual Service.

Cause:
Mutual TLS, or mTLS for short, is a method of mutual authentication. mTLS ensures that the parties at each end of a network connection are who they claim to be by verifying that each holds the private key matching the certificate it presents. The information within their respective TLS certificates provides additional verification.
Resolution:

Scenario 1: SSL Acceleration is enabled on the Virtual Service

When SSL Acceleration is enabled on a Virtual Service, the LoadMaster terminates TLS and can check whether the client presents a client certificate in the TLS handshake. This is enabled on the Virtual Service under SSL Properties > Client Certificates > Client Certificates required.

If the client presents a valid client certificate, the TLS handshake completes and a connection is established between the client and the Virtual Service. In this scenario, client certificate (mTLS) checks are not supported on the Real Server, because the client's TLS handshake ends at the LoadMaster.

Scenario 2: The Virtual Service is an SSL Passthrough service

In this scenario, SSL Acceleration is not enabled on the Virtual Service; it is configured as an SSL Passthrough Virtual Service. Client certificate (mTLS) checks must be enabled on the Real Server, because the TLS handshake takes place directly between the client and the Real Server in this configuration.
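One way to confirm where mTLS is actually being enforced after either scenario is configured, as an added example that is not part of this article or of the LoadMaster product: the script below uses the openssl s_client command line to probe an endpoint once without and once with a client certificate and classifies the handshake result. It assumes the openssl CLI is installed and the endpoints listen on port 443; VS_HOST, RS_HOST, CLIENT_CERT and CLIENT_KEY are placeholders.

```shell
#!/bin/sh
# Added example, not LoadMaster code. Probes a TLS endpoint with and without
# a client certificate to confirm where mTLS is enforced:
#   Scenario 1: the Virtual Service itself must refuse the no-cert probe.
#   Scenario 2: the Real Server must refuse it, as the LoadMaster passes TLS through.
# VS_HOST, RS_HOST, CLIENT_CERT and CLIENT_KEY are placeholders (assumptions).
VS_HOST="${VS_HOST:-vs.example.invalid}"
RS_HOST="${RS_HOST:-realserver.example.invalid}"
CLIENT_CERT="${CLIENT_CERT:-client.pem}"
CLIENT_KEY="${CLIENT_KEY:-client.key}"

# Classify an openssl s_client transcript:
#   enforced - the peer aborted the handshake for lack of a client certificate
#              (TLS 1.3 sends certificate_required, TLS 1.2 handshake_failure)
#   open     - the handshake completed and no client certificate was demanded
#   error    - no TLS session at all (connection refused, timeout, ...)
# The alert patterns are checked first because, with TLS 1.3, s_client may
# print the SSL-Session block before the server's alert arrives.
classify_handshake() {
  case "$1" in
    *"alert certificate required"*|*"alert handshake failure"*) echo "enforced" ;;
    *"SSL-Session:"*) echo "open" ;;
    *) echo "error" ;;
  esac
}

# probe HOST PORT [CERT KEY]: run one handshake and print its classification.
probe() {
  if [ $# -ge 4 ]; then
    out=$(printf 'Q\n' | openssl s_client -connect "$1:$2" -servername "$1" \
            -cert "$3" -key "$4" 2>&1) || true
  else
    out=$(printf 'Q\n' | openssl s_client -connect "$1:$2" -servername "$1" 2>&1) || true
  fi
  classify_handshake "$out"
}

main() {
  for host in "$VS_HOST" "$RS_HOST"; do
    echo "$host without client cert: $(probe "$host" 443)"
    echo "$host with client cert:    $(probe "$host" 443 "$CLIENT_CERT" "$CLIENT_KEY")"
  done
}

# Run the probes only when executed directly as mtls_probe.sh, not when sourced.
if [ "${0##*/}" = "mtls_probe.sh" ]; then
  main
fi
```

In Scenario 1 the expected output is "enforced" for the Virtual Service without a certificate and "open" with one; in Scenario 2 the same pair of results is expected from the Real Server.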
Notes:
SSL Acceleration: https://support.kemptechnologies.com/hc/en-us/articles/10109869351693-SSL-Accelerated-Services