Mutually Authenticated SSL
For CloudFoundry applications that need mutually authenticated SSL, here are some notes on how that's done.
Traditionally you might “pull the SSL cert” all the way down into the application container, as is done old-school in an application server farm. With Stackato, you usually have a load balancer deployed that handles VIP traffic for the cluster.
Specifically, with your F5 LTMs, you have access to a Client SSL profile, which can enforce these requirements on the certificate the client offers. You can configure the Trusted CA, the specific certificate which the LTM will accept for that particular Virtual Server configuration on the LTM.
The links below reference the configuration documentation for setting up these Client SSL profiles:
You create a custom Client SSL profile when you want the BIG-IP® system to terminate client-side SSL traffic for the… (support.f5.com)
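The Trusted CA setting described above decides which client-offered certificates are accepted. As an added example (not from the original post or the F5 documentation), this script uses the `openssl` CLI to run the same chain-of-trust check offline before a CA bundle is loaded into a profile; every CA name, subject and file here is constructed for the demo, and no BIG-IP is involved.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of client certificates against the CA
# bundle intended for a Client SSL profile's Trusted CA setting.
# All CA names, subjects and files are constructed for this demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA (NAME.key / NAME.crt) in $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_client CA NAME: create a client key and CSR, then sign it with CA.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.crt" 2>/dev/null
}

# chains_to_trusted_ca CA_BUNDLE CERT: exit 0 only if CERT validates
# against CA_BUNDLE, i.e. the client would pass the trusted-CA check.
chains_to_trusted_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca trusted-ca                      # the CA you intend to trust
make_ca other-ca                        # an unrelated CA
issue_client trusted-ca good-client     # should be accepted
issue_client other-ca rogue-client      # should be rejected

for c in good-client rogue-client; do
  if chains_to_trusted_ca "$WORK/trusted-ca.crt" "$WORK/$c.crt"; then
    echo "$c: accepted by trusted-ca"
  else
    echo "$c: rejected (does not chain to trusted-ca)"
  fi
done
```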