ā01-17-2014 07:37 AM
Hi, I have an ACE20 module runing Version A2(3.6a). In my past, I have always done 1 way SSL termination on the ACE, wherein the client/browser initiates an SSL/https connection to the VIP on the ACE and authenticates the VIP. I have a requirement in which we need to also authenticate the client from the ACE. (2 way SSL). Is this supported? Can you please guide me to some configuration document?
thnx
Solved! Go to Solution.
ā01-17-2014 07:40 AM
Hi Sandev,
Yes it is supported. Please visit the below link and visit section "Client Authentication:.
Regards,
Kanwal
ā01-17-2014 07:40 AM
Hi Sandev,
Yes it is supported. Please visit the below link and visit section "Client Authentication:.
Regards,
Kanwal
ā01-17-2014 07:49 AM
Thanks... It says that a significant performance decrease may result while doing this.
This makes me think of a different scenario. - Let`s say i do end-to-end SSL all the way to my servers, and instead of the ACE authenticating the client, I leave the servers to do this part. In other words, ACE just acts as a pass-through for the client SSL authentication. Will this work?
ā01-17-2014 08:18 AM
Hi Sandev,
In end to end SSL ACE acts as a client. So ACE shall present a certificate to the backend server for client authentication. You should be able to configure a SSL Cert and Key on the ACE for it to use as the "client"..
This cert is what the ACE will use when the SSL server sends the CertificateRequest Message in the SSL handshake.
I haven't tested this myself but it should work fine and not sure if that would have an equal impact on performance or not.
Regards,
Kanwal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide