Forum Discussion

Nimbostratus

Dec 07, 2017

Authenticate client certificate when it is already presented to F5 via header

I'm having an ongoing problem with a single client (all other users are fine) for a site that uses the following irule to request a client certificate and insert it via header if the clients ask for ...

Nacreous

Dec 07, 2017

I've just been looking at a similar issue. Nothing is sent to the server as there is a condition to check for the certificate count

if { [SSL::cert count] > 0 } {

I suspect that the result of the command is returning a zero as the certificate is likely only required once. Try changing the clientssl certificate to

always

require the certificate, rather than once which is the default.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Authenticate client certificate when it is already presented to F5 via header

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

How to configure ssh access by key on F5OS

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Bot Defense causing a lot of false positives

Recommendation for Adv. Lab

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

Related Content

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS