How to pass Client Certificate to backend applications that require Client Certificate for User authentication (SSL_Bridge)

Article ID: CTX217167

Description

Not able to pass Client Certificate information to the backend server

Resolution

The certificate itself cannot be passed to the backend when an SSL vServer is configured; to do this, an SSL_BRIDGE vserver needs to be configured.

The Client Certificate information can be passed to the backend server as an HTTP Payload.

Steps:

1. Enable client certificate authentication
2. Create the following SSL policy 
  • add ssl action <actname> -clientCert ENABLED -certHeader CLIENT-CERT
    For <actname>, substitute a name for the SSL action.
  • add ssl policy <polname> -rule true -action <actname>
    For <polname>, substitute a name for your new SSL policy. For <actname>, substitute the name of the SSL action that you just created.
  • bind ssl vserver <name> -policyName <polname> -priority 10
    For <name>, substitute the name of the VPN virtual server.
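
A backend-side check for the header these steps produce, added here as an example and not Citrix code: it accepts CLIENT-CERT only from the ADC's address, rejects duplicate headers, and reduces the value to a SHA-256 fingerprint for comparison with enrolled certificates. The ADC source address, the assumption that the header carries the certificate as PEM text, and all function names are illustrative.

```python
import base64, binascii, hashlib, hmac, ipaddress, re

CERT_HEADER = "CLIENT-CERT"  # header name set by -certHeader in the steps above
# Assumption: address the ADC uses to reach this backend (constructed value).
TRUSTED_ADC_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]
_ARMOR = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")

def header_to_der(value):
    """Turn the header value into DER bytes.

    Assumption: the value is the certificate's PEM text, possibly with line
    breaks folded to spaces and with or without the BEGIN/END lines.
    """
    body = re.sub(r"\s+", "", _ARMOR.sub("", value))
    if not body:
        raise ValueError("empty certificate header")
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("header is not base64 PEM data") from exc

def client_cert_fingerprint(peer_ip, headers):
    """Return the SHA-256 hex fingerprint of the forwarded certificate, or None.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    values = [v for n, v in headers if n.lower() == CERT_HEADER.lower()]
    if not values:
        return None
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_ADC_SOURCES):
        raise PermissionError("certificate header from a peer that is not the ADC")
    if len(values) != 1:
        raise ValueError("more than one certificate header")
    return hashlib.sha256(header_to_der(values[0])).hexdigest()

def is_enrolled(fingerprint, enrolled):
    """Constant-time match against fingerprints the application has enrolled."""
    return any(hmac.compare_digest(fingerprint, e) for e in enrolled)

if __name__ == "__main__":
    # Constructed sample: arbitrary bytes stand in for a DER certificate.
    sample = base64.b64encode(b"constructed-not-a-real-certificate").decode()
    print(client_cert_fingerprint("192.0.2.10", [(CERT_HEADER, sample)]))
```

The header is only as trustworthy as the network path from the ADC, so the backend should not be reachable by clients directly.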

Problem Cause

Need to pass the Client Certificate information to the backend server as an HTTP Payload

Additional Information

Citrix Documentation - https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/citrix-adc-aaa-client-certificate-authentication-policy.html#client-certificate-pass-through