Forum Discussion

Nimbostratus

Aug 11, 2009

bypassing client authentication

i've got a virtual server listening on 443 which uses both a certificate for SSL and also requires client authentication. this works fine i've now been informed of another set of users ...

config

design

hoolio

Cirrostratus

Aug 11, 2009

Hi Skuba,

I'm working on an iRule which does this and a bit more. Maybe when I finish testing it I can post it to the Codeshare.

In the meantime, if you want to selectively request or require a client cert, you'll need to set the SSL profile client cert option to none and then use an iRule to check the requested URI and renegotiate the SSL handshake using SSL::renegotiate for specific URIs. The SSL::renegotiate wiki page has a very simplified example (Click here).

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

bypassing client authentication

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Could not communicate with the system. Try to reload page.

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

SSL Profiles Part 8: Client Authentication

Configuring APM Client Side NTLM Authentication

Bypass Azure Login Page with OAuth login_hint on F5 BIG-IP APM

BIG-IQ Client Certificate (PKI) Authentication

Selective Client Cert Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS