ASM vs to APM vs and client certificates

Question

HiI had a VS which imposed a client certificate requirement to access itNow I have to set this up asASM -&gt; APM because I want ASM to interact firstMy issue now is how do i get the client certificate information back to the APM vs when the tls session is terminated on the ASM VSI was hoping to send the cert via a header to the back end - but I can't seem to write to ssl::cert&nbsp;

daniel_wolf · Accepted Answer

Hi&nbsp;AlexS_yb,I think you are looking for C3D (Client Certificate Constrained Delegation),&nbsp; this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.See:&nbsp;K14065425: Configuring Client Certificate Constrained Delegation (C3D)&nbsp;This way the APM should see the forged client cert with the required attributes for user authentication.KRDaniel

Forum Discussion

ASM vs to APM vs and client certificates

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Howto enable BIG-IP ASM client fingerprinting

Re: Management Certificate

Client ssl certification bulk installation

Certifications for security professionals

Certificate Expiry Email alert configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS