Forum Discussion
C3D forged certificate
- Apr 18, 2023
Here's another resource for C3D configuration: https://community.f5.com/t5/technical-articles/ssl-orchestrator-advanced-use-cases-client-certificate/ta-p/286005, It's specific to SSL Orchestrator integration, but goes into details on the C3D setup and various use cases.
Per your question, C3D forges a new client certificate, signed/issued from your local CA. During the forging process, C3D will copy important attributes over from the real certificate, including subject CN, any extensions you specify to be copied in the "Certificate Extensions" setting in the server SSL profile, plus any that you may inject via SSL::c3d iRules. It won't have the same issuer, fingerprint, thumbprint, etc. because it's effectively a new certificate from a different issuer. Your internal application needs to be able to validate client certificates from this new/local CA.
Thank you All Kevin_Stewart, Daniel_Wolf, and Leslie_Hubertus. I truly appretiate your support!
I do agree with Daniel_Wolf, while I was searching on this subject (C3D) I found a little to no details on F5 KB articles, I wished the articles were more detailed it would have saved more time.
Thank you again.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com