Forum Discussion
Lucas_Thompson
Employee
In outbound mode, Mutual TLS requires either bypassing the SSLO (create the bypass rule based on SNI or remote IP) or creating a trust on the target server to your own CA that's on the SSL Orchestrator BIG-IP. Ordinarily (not mTLS) SSLO re-creates the server's certificate using its own CA. In mTLS, this must occur in BOTH directions, so both the client AND server must trust the SSLO's CA.
This is covered in the deployment guide here:
https://clouddocs.f5.com/sslo-deployment-guide/sslo-11/chapter6/page6.01.html
If the bypass doesn't fix it, enable logging and follow the instructions in this SSL troubleshooting KB article:
https://my.f5.com/manage/s/article/K15292
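The trust requirement described in the reply above, as an added lab example that is not part of the original post or of F5's documentation. Every CA, hostname and helper function (`make_ca`, `issue`, `trusts`) is constructed for illustration; `sslo-ca` is a local stand-in for the SSL Orchestrator's signing CA, and the re-issued certificates model the re-creation the post describes.

```shell
#!/usr/bin/env bash
# Constructed lab: every CA, key and certificate here is generated locally.
set -eu
lab=$(mktemp -d) && cd "$lab"
trap 'rm -rf "$lab"' EXIT

make_ca() {   # make_ca <name>: self-signed CA (<name>.key, <name>.crt)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue() {     # issue <ca> <leaf> <cn>: leaf certificate for <cn> signed by <ca>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

trusts() {    # trusts <ca-bundle> <cert>: prints yes or no
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

make_ca origin-ca   # issued the real server certificate (assumed name)
make_ca client-ca   # issued the real client certificate (assumed name)
make_ca sslo-ca     # stand-in for the SSLO signing CA (assumed name)

issue origin-ca server-real     api.example.test
issue client-ca client-real     app-client
issue sslo-ca   server-reissued api.example.test   # what the client is shown
issue sslo-ca   client-reissued app-client         # what the server is shown

# Trust stores after adding the inspection CA on both endpoints.
cat origin-ca.crt sslo-ca.crt > client-trust-fixed.pem
cat client-ca.crt sslo-ca.crt > server-trust-fixed.pem

echo "client, original trust, re-issued server cert: $(trusts origin-ca.crt server-reissued.crt)"
echo "client, SSLO CA added,  re-issued server cert: $(trusts client-trust-fixed.pem server-reissued.crt)"
echo "server, original trust, re-issued client cert: $(trusts client-ca.crt client-reissued.crt)"
echo "server, SSLO CA added,  re-issued client cert: $(trusts server-trust-fixed.pem client-reissued.crt)"
```

The two "original trust" lines print `no`: each side rejects a certificate re-issued by a CA it does not know, which is the handshake failure that either the bypass rule or the added trust resolves.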
neeeewbie
MVP
May 24, 2024
Thank you for the information you shared!