Forum Discussion

Cirrus

Jul 12, 2021

C3D, Client Certificate passing issue

For application new requirement, we need to pass the client certificate to backend server. We enabled the C3D option on the client and server SSL profile. I created the CA certificate and key (...

MVP

Jul 12, 2021

Hi Kannan,

your config looks right. From my memory there are two things that could possibly be wrong.

First: The CA key/certificate you are using for C3D is not capable to create new certificates (must be type: Issuing CA Certificate).

Second: the application / web server does not trust certificates issued by this Issuing CA. Did you import this certificate on the application / web server as a trusted CA?

You can do a tcpdump between the F5 and the application / web server and you will see the TLS handshake, from the handshake / tcpdump you can export the certificates that the F5 sends to the backend and check if they are issued properly.

Daniel

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

C3D, Client Certificate passing issue

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Request Client Certificate And Pass To Application

Passing Arguments to iCall Scripts

BIG-IQ Client Certificate (PKI) Authentication

ASM not passing client cookies to the node servers

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS