SSL client and server authentication.

Client Authentication

Clients access the Web application through HTTPS. HTTPS is terminated on the edge VIP, which requests a client certificate.

  1. Import the Web server certificate along with the root CA certificate. For details, refer to Scenario: Import SSL Certificate.

  2. Create the HTTPS application profile with the following parameters:

    1. Select Type as HTTPS from the list.

    2. Select the Virtual Server Certificates tab, and then select the CA Certificates tab. The CA is used to verify the client certificate.

    3. Select the service certificate configured in step 1.

    4. Select Client Authentication as Required from the list.

      Note:

      If the Client Authentication option is set to Ignore, the load balancer ignores client certificate authentication.

  3. Create a virtual server. For details, refer to Scenario: Import SSL Certificate.

    Note:

    If the Enable Pool Side SSL option is disabled in the application profile, the pool selected is composed of HTTP servers. If the Enable Pool Side SSL option is enabled in the application profile, the pool selected is composed of HTTPS servers.

  4. Import a client certificate signed by the root CA in the browser.

    1. Go to the Web site https://www.sslshopper.com/ssl-converter.html.

    2. Convert the certificate and private key to a pfx file. For complete examples of a certificate and private key, refer to the Example: Certificate and Private Key topic.

    3. Import the pfx file in the browser.
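
Step 4 can also be carried out locally with the OpenSSL command line, so that the private key stays on the workstation. The script below is an added example and is not part of the original procedure; the function names, file names, certificate subjects and the PFX_PASS variable are assumptions made for the demo, and the root CA and client certificate are constructed test data.

```shell
#!/bin/sh
# Added example: build the browser PFX locally with OpenSSL (step 4).
# All names, subjects and the passphrase below are constructed for the demo.

# Create a throwaway root CA and a client certificate signed by it.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/rootca.key" -out "$dir/rootca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/client.csr" -days 1 -CA "$dir/rootca.crt" \
        -CAkey "$dir/rootca.key" -CAcreateserial -out "$dir/client.crt" 2>/dev/null
}

# Build the PFX only if the certificate chains to the root CA that the
# load balancer uses (exit 1 otherwise) and matches the private key (exit 2).
# The passphrase is read from the PFX_PASS environment variable.
build_client_pfx() {
    crt=$1 key=$2 ca=$3 out=$4
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "certificate is not signed by $ca" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 2; }
    # umask keeps the key-bearing file readable by the owner only.
    ( umask 077
      openssl pkcs12 -export -in "$crt" -inkey "$key" -name "client" \
          -out "$out" -passout env:PFX_PASS )
}

# Print the subject of the client certificate stored in a PFX file.
pfx_client_subject() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject
}

# Demo run on constructed data in a temporary directory.
demo() {
    tmp=$(mktemp -d) && make_demo_pki "$tmp" &&
    PFX_PASS='constructed-demo-passphrase' && export PFX_PASS &&
    build_client_pfx "$tmp/client.crt" "$tmp/client.key" "$tmp/rootca.crt" \
        "$tmp/client.pfx" && pfx_client_subject "$tmp/client.pfx"
    rm -rf "$tmp"
}
demo
```

With real files, pass the root CA certificate imported in step 1 as the third argument; a certificate that fails this check would also be rejected by the edge when Client Authentication is set to Required.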

Server Authentication

Clients access the Web application through HTTPS. HTTPS is terminated on the edge VIP. The edge establishes new HTTPS connections to the servers, and it requests and verifies the server certificate.

Only specific ciphers are accepted by the edge.

  1. Import the Web server certificate and root CA certificate for server certificate authentication. For details, refer to Scenario: Import SSL Certificate.

  2. Create the HTTPS application profile with the following parameters:

    1. Select Type as HTTPS from the list.

    2. Select the Enable Pool Side SSL check box.

    3. Select the Pool Certificates tab, and then select the CA Certificates tab. The CA is used to verify the certificate from the backend HTTPS server.

    4. Select the Server Authentication check box.

    5. Select the CA certificate configured in step 1.

    6. Select the required cipher from the Ciphers list.

      Note:

      If the cipher is not in the approved cipher suite, it resets to Default.

      After upgrading from an old version, if the cipher is null/empty or not in the approved cipher suite in the old version, it resets to Default.

  3. Create a virtual server. For details, refer to Scenario: Import SSL Certificate.

    Note:

    If the Enable Pool Side SSL option is disabled in the application profile, the pool selected is composed of HTTP servers. If the Enable Pool Side SSL option is enabled in the application profile, the pool selected is composed of HTTPS servers.