For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Maria_Carpinter's avatar
Maria_Carpinter
Icon for Nimbostratus rankNimbostratus
Oct 21, 2013

Authenticate clients with server certificate

We've configured a virtual server, with SSL Client profile, in order to authenticate clients with a corporative CA. This CA generates only server certificates, so it doesn't work.   When we try to...
application delivery
design
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 21, 2013

Both options, request and require, perform the same function in the SSL handshake - they instruct the client to pass a certificate. The most significant difference between the two modes is what the server (F5) does with the received certificate. The require mode performs strict validation checking (date validity, trust chain compliance, key usage, etc.). The request mode basically does nothing and is typically used in scenarios where some users may not have certificates, or they're allowed to cancel the certificate prompt and still gain access. You must therefore add your own controls (via iRules) to maintain some of the integrity checking that is done automatically in require mode.