Forum Discussion

Nimbostratus

Apr 29, 2014

APM portal mode and On Demand Certificate Authentication

Hi, We have to deploy authentication with APM, 11.4.1 for some web applications, authentication will include Client Certificate Authentication, OCSP Authentication and LDAP authentication. Every...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Nimbostratus

Sep 23, 2014

I ran into this problem too.

To make 'session.ssl.cert.valid" = 0 and not 27 I had to set the client SSL profile to "ignore" (which it already was) but then also configure the CA Cert/Bundle as a Trusted Certificate Authority.

Once I did that then 'session.ssl.cert.valid' value was "0"

For more security I also changed the On-Demand Cert auth successful expression to..

expr { [mcget {session.ssl.cert.valid}] == "0" && [mcget {session.ssl.cert.serial}] == "

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM portal mode and On Demand Certificate Authentication

Recent Discussions

BIG-IP VE - qemu on an Apple Silicon Macbook

Minimum connection to guarantee the use of corporate VPNs.

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

Local Traffic Policy rule or irule to bypass the BIG-IP ASM

Is it possible to connect to VPN from a Windows client command line without user interaction?

Related Content

Two-Factor Authentication – Captive Portal

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS