Forum Discussion

Cirrocumulus

Jul 17, 2023

Solved

ASM vs to APM vs and client certificates

Hi I had a VS which imposed a client certificate requirement to access it Now I have to set this up as ASM -> APM because I want ASM to interact first My issue now is how do i get the client cert...

ASM APM

devops

security

Daniel_Wolf
Jul 17, 2023
Hi AlexS_yb,
I think you are looking for C3D (Client Certificate Constrained Delegation), this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.
See: K14065425: Configuring Client Certificate Constrained Delegation (C3D)
This way the APM should see the forged client cert with the required attributes for user authentication.
KR
Daniel

Daniel_Wolf

MVP

Hi AlexS_yb,

I think you are looking for C3D (Client Certificate Constrained Delegation), this feature allows the BIG-IP to forge a client certificate for use in server-side client certificate authentication. The forged certificate is generated using information from a client certificate provided in the client-side ssl handshake.
See: K14065425: Configuring Client Certificate Constrained Delegation (C3D)

This way the APM should see the forged client cert with the required attributes for user authentication.

KR
Daniel

AlexS_yb

Cirrocumulus

Jul 21, 2023

Thanks for that , but not for me I don't think

Forum Discussion

ASM vs to APM vs and client certificates

Recent Discussions

redirect not working

Can iRule be used to perform exception of IPI category based on Geolocation

Monitor string query

Telemetry streaming to Elasticsearch

Error while running ansible

Related Content

Thumbprint of the client ssl certificate

Unable to define WSS client certificate in F5-ASM

BIG-IQ Client Certificate (PKI) Authentication

Howto enable BIG-IP ASM client fingerprinting

Re: Management Certificate