When you configure the BIG-IP® system to decrypt client-side HTTP requests and encrypt the server responses, you can optionally configure the BIG-IP system to use an Elliptic Curve Digital Signature Algorithm (ECDSA) key for authentication as part of the BIG-IP system's certificate key chain. Using elliptic curve cryptography (ECC), an ECDSA key creates a digital signature that allows the system to verify the authenticity of data without compromising its security. The result is that the BIG-IP system performs the SSL handshake usually performed by target web servers, using an ECDSA key type in the certificate key chain.
This particular implementation uses a certificate signed by a certificate authority (CA).
To implement client-side authentication using HTTP and SSL with a certificate signed by a certificate authority, you perform a few basic configuration tasks.
After you complete the tasks in this implementation, the BIG-IP® system authenticates and encrypts client-side ingress HTTP traffic using an SSL certificate key chain. The BIG-IP system also re-encrypts server responses before sending the responses back to the client.
The certificate in the certificate key chain includes an Elliptic Curve Digital Signature Algorithm (ECDSA) key as the authentication mechanism.