Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Support for Certificate Client Side Authentication with No Server Side Authentication

This article relates to LoadMaster firmware version 7.2.53.

In LoadMaster firmware versions older than 7.2.53, the Edge Security Pack (ESP) configuration of Client Certificate client authentication with Kerberos Constrained Delegation (KCD) server authentication was supported. In version 7.2.53, new support was added for Client Certificate client authentication with no server side authentication. This is useful in cases where ESP is simply needed for pre-authentication (which is possible using the certificate) and where other credentials are then passed on in the Real Sever (username/password/multi-factor authentication, and so on).

To configure this, follow the steps below in the LoadMaster User Interface (UI):

1. In the main menu, go to Virtual Services > View/Modify Services.

2. Click Modify on the relevant Virtual Service.

3. Expand the SSL Properties section.

4. Ensure SSL Acceleration is Enabled.

5. Expand the ESP Options section.

6. Ensure ESP is enabled.

7. Set the Client Authentication Mode to Client Certificate.

8. Set the Server Authentication Mode to None.

9. Configure any other setting as needed.