ASM vs to APM vs and client certificates

Question

HiI had a VS which imposed a client certificate requirement to access itNow I have to set this up asASM -&gt; APM because I want ASM to interact firstMy issue now is how do i get the client certificate information back to the APM vs when the tls session is terminated on the ASM VSI was hoping to send the cert via a header to the back end - but I can't seem to write to ssl::cert&nbsp;

daniel_wolf · Accepted Answer

Hi&nbsp;AlexS_yb,I think you are looking for C3D (Client Certificate Constrained Delegation),&nbsp; this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.See:&nbsp;K14065425: Configuring Client Certificate Constrained Delegation (C3D)&nbsp;This way the APM should see the forged client cert with the required attributes for user authentication.KRDaniel

alexs_yb · Answer

Thanks for that , but not for me I don't think&nbsp;

Forum Discussion

ASM vs to APM vs and client certificates

2 Replies

Recent Discussions

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

Related Content

BIG-IQ Client Certificate (PKI) Authentication

Howto enable BIG-IP ASM client fingerprinting

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

Client-Certificate and IP-Whitelisting via Policy or iRule?

SSL Orchestrator Advanced Use Cases: Client Certificate Constrained Delegation (C3D) Support