Forum Discussion
Lucas_Thompson
Employee
May 23, 2024
In outbound mode, Mutual TLS requires either bypassing the SSLO (create the bypass rule based on SNI or remote IP) or creating a trust on the target server to your own CA that's on the SSL Orchestrator BIG-IP. Ordinarily (not mTLS) SSLO re-creates the server's certificate using its own CA. In mTLS, this must occur in BOTH directions, so both the client AND server must trust the SSLO's CA.
This is covered in the deployment guide here:
https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter6/page6.01.html
If the bypass doesn't fix it, enable logging and follow the instructions in this SSL troubleshooting KB article:
https://my.f5.com/manage/s/article/K15292
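
Added example, not part of the original post and not F5 configuration: a local openssl lab showing why the target server rejects a client certificate re-created under the inspection CA until that CA is in its trust store. All CA names, subjects and file names are constructed, and the "SSLO CA" is only a stand-in created by the script.

```bash
#!/usr/bin/env bash
# Constructed lab: every name, subject and file here is made up for illustration.
set -eu
lab=$(mktemp -d) && cd "$lab"

make_ca() {            # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {         # $1 = CA prefix, $2 = CSR file, $3 = output certificate
  openssl x509 -req -in "$2" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

server_accepts() {     # $1 = server trust bundle, $2 = presented client cert
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca origin_ca "Constructed Partner CA"     # CA the server trusts today
make_ca sslo_ca   "Constructed SSLO CA"        # stand-in for the SSLO signing CA

# One client identity, certified twice: once by its real CA, once re-created
# under the inspection CA (the behaviour the post describes for intercepted mTLS).
# The same CSR is reused for brevity; only the issuer matters for the trust check.
openssl req -newkey rsa:2048 -nodes -subj "/CN=client.example.test" \
  -keyout client.key -out client.csr 2>/dev/null
issue_cert origin_ca client.csr client_real.pem
issue_cert sslo_ca   client.csr client_resigned.pem

cat origin_ca.pem sslo_ca.pem > bundle.pem     # server trust after adding SSLO CA

report() {             # $1 = label, $2 = trust bundle, $3 = client cert
  if server_accepts "$2" "$3"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}
report "bypass (original cert, original trust)"  origin_ca.pem client_real.pem
report "intercept, server trust unchanged"       origin_ca.pem client_resigned.pem
report "intercept, SSLO CA added to trust"       bundle.pem    client_resigned.pem
```

The middle case is the failure seen when mTLS traffic is intercepted without the extra trust; the first and third correspond to the two fixes named in the post.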
- neeeewbie May 24, 2024
MVP
Thank you for the information you shared!