Author: David Wang Date: Jul 18, 2008 18:45
On Jul 18, 12:55 pm, Ryan Hanisco
discussions.microsoft.com> wrote:
> Everyone,
>
> I have a client that has a wildcard cert on a load balancer in front of a
> server farm. One of the webs that is hosted on this farm uses Client Certs
> for authentication. Unfortunately, the issue arises that the load balancer
> (F5) decrypts SSL handing only port 80 to the back-end web servers. Under
> this configuration, the client certs are never checked as the inbound traffic
> is HTTP only. Now we can use the internal CAs to issue the server certs and
> pass the HTTPS all the way to the IIS instance... but then this has the
> problem of causing the unauthorized cert warning to be displayed.
>
> Further, this is posing a particular issue when obtaining the user cert as
> Vista clients will not accept a cert unless the decrypt is happening in IIS
> and has no way of detecting that the connection is secure, but through the
> load balancer.
>
> I am looking for some kind of direction here of how to do this correctly
> while still using the wildcard that is supporting the farm. ...