Follow

Q&A: Is TLS mutual auth supported in Silverline?

Question

  • Does Silverline Support Mutual Authentication (Client SSL Cert) TLS connectivity?

 

Environment

  • Proxy/Proxies
  • SSL/TLS
  • Mutual Auth

 

Answer

Availability

Mutual TLS Authentication is now available by request, for use within the Silverline proxy infrastructure.  It is presently in Beta release.  

Learn more about Beta features Scope of SupportSilverline Beta / GA Feature Support Policy

 

While the mTLS feature has been released, keep in mind that it is in beta mode. Once this feature is released, it will be noted on the Release Notes updates that we make in the Silverline Knowledge Base: https://support.f5silverline.com/hc/en-us/sections/115000201333-Release-Notes

 

If the mTLS beta functionality does not work as intended, we have two options for supporting Mutual TLS Authentication, i.e. client SSL certificates:

  1. Transparent SSL Profile - 
  2. iRule to insert Client SSL Certificate information into HTTP header - 
    • An iRule can be utilized to generate a request for a client certificate when the TLS session is established.
      • We do not perform authentication of this client certificate directly, but we can extract required fields from the certificate (CN, Issuer, Subject, Serial Number, etc) and insert the data/info into the HTTP header to be sent to your origin
  • In either case, the actual authentication must be done on the backend end
    • Silverline does not support authenticating the client directly on Silverline

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request