Forum Discussion

steven_normole's avatar
steven_normole
Icon for Cirrus rankCirrus
Mar 19, 2025

APM for banner and cert

I need to create an APM that will do the following present an advisory banner, request a certificate extract teh upn and send over to active directory send the user to the backends. Looking fo...
devops
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Cirrostratus rankCirrostratus
Mar 24, 2025

When implementing the "require" parameter in ClientSSL profiles, a significant limitation exists: connections with missing or invalid certificates are terminated immediately without providing any diagnostic information or user feedback. This creates a poor user experience and complicates troubleshooting. 
A more effective approach is to maintain the "require" parameter in your ClientSSL profile and use "On-Demand Cert Auth" instead of "Client Cert Inspection" within your APM policy.
This configuration allows certificate validation failures to be handled gracefully within the APM policy, enabling customized user feedback and remediation paths.

While Message Box would do the job , if you are familiar with JS, consider using the Advanced Customization feature in your APM policy to create the banner.