F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Jul 16, 2023
Solved

ASM vs to APM vs and client certificates

Hi I had a VS which imposed a client certificate requirement to access it Now I have to set this up as ASM -> APM because I want ASM to interact first My issue now is how do i get the client cert...
ASM APM
devops
security
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Jul 16, 2023

    Hi AlexS_yb,

    I think you are looking for C3D (Client Certificate Constrained Delegation),  this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.
    See: K14065425: Configuring Client Certificate Constrained Delegation (C3D) 

    This way the APM should see the forged client cert with the required attributes for user authentication.

    KR
    Daniel

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jul 16, 2023

Hi AlexS_yb,

I think you are looking for C3D (Client Certificate Constrained Delegation),  this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.
See: K14065425: Configuring Client Certificate Constrained Delegation (C3D) 

This way the APM should see the forged client cert with the required attributes for user authentication.

KR
Daniel

  • AlexS_yb's avatar
    AlexS_yb
    Icon for Cirrocumulus rankCirrocumulus
    Jul 20, 2023

    Thanks for that , but not for me I don't think