Thomas-R-D
Nov 28, 2023

Passing Client CAC / Smart Card Cert to Application Server

I am reaching out to see if anyone has created or come across the most streamlined process of passing a Client cert through F5 which then reaches an Application server. The most important piece of d...
  • Thomas-R-D
    Nov 29, 2023

    Thank you so much, Lucas_Thompson

    We went with Option #3 (Use Proxy-SSL by setting it up manually: https://my.f5.com/manage/s/article/K13385) as this worked for us and is the simplest option as well. All the AAA happens on the server side / application.

    Under "SSL cipher negotiation" in the above link, we used "Proxy SSL Passthrough feature allows the BIG-IP system to pass traffic through to the server". Our version is: BIG-IP 14.1.5.6 which has this feature.

    We enabled "Proxy SSL" and "Proxy SSL Passthrough" on both the Client and Server SSL Profiles (which is required; we had to remove the Profiles from the Virtual Server before making the change, as you will get an error if you try to make this change while they are in use, then add them back after the below changes).

    Updated settings in two Locations, Client and Server SSL Profiles that are being used:

    1. Local Traffic >> Profiles >> SSL >> Client (Will repeat below steps, but picking 'Server' instead)
    2. Click on [Name of Profile]
    3. Change Configuration to "Advanced"
    4. Scroll down, Check the 'Enable' box next to: Proxy SSL & Proxy SSL Passthrough (If it is grayed out, will need to check the 'Custom' box to the right of the Feature)
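
A configuration check for the settings described above, as an added example that is not part of the original post or F5's own tooling: it parses SSL profile stanzas in the `bigip.conf` / `tmsh list ltm profile` layout and reports any client or server profile where Proxy SSL and Proxy SSL Passthrough are not both enabled. The profile names and the sample configuration are constructed.

```python
import re

# Constructed sample in the stanza layout of bigip.conf / `tmsh list ltm profile`.
# Profile names are hypothetical; the server profile lacks passthrough on purpose.
SAMPLE_CONFIG = """\
ltm profile client-ssl /Common/cac_clientssl {
    defaults-from /Common/clientssl
    proxy-ssl enabled
    proxy-ssl-passthrough enabled
}
ltm profile server-ssl /Common/cac_serverssl {
    defaults-from /Common/serverssl
    proxy-ssl enabled
}
"""

REQUIRED = ("proxy-ssl", "proxy-ssl-passthrough")
# A stanza ends at the first "}" in column 0; nested blocks are indented.
STANZA = re.compile(r"^ltm profile (client-ssl|server-ssl) (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_ssl_profiles(text):
    """Return {(kind, name): {setting: value}} for every SSL profile stanza."""
    profiles = {}
    for kind, name, body in STANZA.findall(text):
        settings = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2:
                settings[parts[0]] = parts[1].strip()
        profiles[(kind, name)] = settings
    return profiles

def audit_proxy_ssl(text):
    """List every profile where a required setting is not explicitly enabled."""
    profiles = parse_ssl_profiles(text)
    findings = [f"no {kind} profile found"
                for kind in ("client-ssl", "server-ssl")
                if not any(k == kind for k, _ in profiles)]
    for (kind, name), settings in sorted(profiles.items()):
        for key in REQUIRED:
            # An absent key may be inherited from the parent; report it as unconfirmed.
            state = settings.get(key, "not set in stanza")
            if state != "enabled":
                findings.append(f"{kind} {name}: {key} is {state}")
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_ssl(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

A setting reported as "not set in stanza" may still be enabled through the parent profile, so confirm it against a listing that shows all properties before treating it as a mismatch.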