Forum Discussion

Nimbostratus

Oct 21, 2013

Authenticate clients with server certificate

We've configured a virtual server, with SSL Client profile, in order to authenticate clients with a corporative CA. This CA generates only server certificates, so it doesn't work. When we try to...

Employee

Oct 21, 2013

Setting the client certificate authentication in the client SSL profile to "request" instead of "require" should work for you.

This setting should allow (client) server certificates to pass validation (ie. there is no validation), however it will also allow access without a certificate. To prevent that you may need an iRule like the following:

when CLIENTSSL_HANDSHAKE {
    if { [SSL::cert count] eq 0 } {
        reject
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Authenticate clients with server certificate

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

Related Content

BIG-IQ Client Certificate (PKI) Authentication

SSL Profiles Part 8: Client Authentication

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

Client Authentication with certificate on one URI only

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS