Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Jul 17, 2023

ASM vs to APM vs and client certificates

Hi

I had a VS which imposed a client certificate requirement to access it

Now I have to set this up as

ASM -> APM because I want ASM to interact first

My issue now is how do i get the client certificate information back to the APM vs when the tls session is terminated on the ASM VS

I was hoping to send the cert via a header to the back end - but I can't seem to write to ssl::cert

 

  • Hi AlexS_yb,

    I think you are looking for C3D (Client Certificate Constrained Delegation),  this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.
    See: K14065425: Configuring Client Certificate Constrained Delegation (C3D) 

    This way the APM should see the forged client cert with the required attributes for user authentication.

    KR
    Daniel

  • Hi AlexS_yb,

    I think you are looking for C3D (Client Certificate Constrained Delegation),  this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.
    See: K14065425: Configuring Client Certificate Constrained Delegation (C3D) 

    This way the APM should see the forged client cert with the required attributes for user authentication.

    KR
    Daniel

    • AlexS_yb's avatar
      AlexS_yb
      Icon for Cirrocumulus rankCirrocumulus

      Thanks for that , but not for me I don't think