httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marco Pizzoli <>
Subject Re: AW: [users@httpd] Client certificate auth behind f5 loadbalancer
Date Sat, 28 Jun 2014 17:54:26 GMT
Hi Marc,
as F5 user maybe you are not yet aware that with F5, leveraging iRules, you
- implement client cert verification/validation, also specifically checking
the CN of the certificate
- publish to the apache backend custom HTTP headers carrying informations
extracted from the client certificate

Both cases are well documented on the F5 site. The first one in particular
I can say by having implemented on my own.

Is it something useful to your case?


On Sat, Jun 28, 2014 at 5:04 PM, Marc Schöchlin <> wrote:

> Hi,
> On 06/26/2014 04:08 PM, wrote:
> > Why do you terminate the ssl on the F5 and not on the Apache-backend? We
> load balance IP/Port-based on the F5 and terminate the SSL on the Apache
> backend, so you would be able to turn on your SSLEngine and Proxy the SSL
> from the F5 on the SSL Standard SSL Port 443 of the Apache and you can do
> everything you want because you have all SSL information.
> i use a wildcard certificate on my frontend ip to do irule-based (looking
> for the hostheader) backend pool selection.
> Therefore it would be good to terminate ssl in the f5.
> I will now use a new frontend ip on the loadbalancer and i then i will
> forward the traffic to the backend servers....
> Regards
> Marc
> --
> GPG encryption available: 0x670DCBEC/
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message