For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

William_Them_99's avatar
William_Them_99
Icon for Nimbostratus rankNimbostratus
Apr 03, 2006

Certificate Authentication Problem

In our environment, if you visit a virtual server hosting an application, the BIGIP will prompt for a client certificate and then authenticate that certificate against an LDAP database.     If t...
application delivery
dev
devops
iRules
William_Them_99's avatar
William_Them_99
Icon for Nimbostratus rankNimbostratus
Apr 28, 2006
We worked with F5 support on this and were pointed back to DevCentral as it is thought to be an iRule issue. This was the relevant response...

 

 

The problem that is occurring is that the client cert and the server cert exchange is all occurring during the SSL handshake, before anything is passed to your iRule. I've actually enlisted some aid in this case and this is the suggestion that was made. This would be to see if a rule could be created that would somehow have a variable set when using the "request" option ["request" in the client SSL profile]. That variable would check to see if a client certificate was correctly received, if not redirect. If the client correctly identifies themselves with a certificate, then allow access through.

 

 

 

Can anyone help us out here?