Forum Discussion
3a. SSL Server Certs with public and private keys (CA or self-signed) are stored on the F5. The F5 iRule has access to the public and private keys attached to the F5 VS, and knowing the algorithm specified by the standard, one solution may be to use the CRYPT command to generate the digital signature using the SSL Cert private key. However, this is very time-consuming to code. The F5 VS SSL private key would be used to sign the SOAP request.
This is not true. iRules do not have access to the certificates and private keys stored on the F5. To use the CRYPTO commands, you'd necessarily have to generate and/or pre-establish a private key. That said, I believe it would be possible to use a private key from a known certificate, but it'd be a manual process.
3b. The F5 has access to personal certs, i.e. stored in the browser, through session variables, and the X509 attributes, including the public key.
The F5 would have access to the complete client certificate, which includes the public key, if the client submitted it during an SSL handshake. But a digital signature requires a private key, which the client would NEVER provide.