Forum Discussion

Nimbostratus

Oct 14, 2015

Client Authentication Based On URI

Hello, Currently, to configure client authentication on a URI, we create 2 client SSL profiles (one of which is parent for the other) and 2 iRules that check a data group against the URI list. The ...

Kevin_Stewart

Employee

Oct 16, 2015

Does this iRule require the client cert configured for that /secureApi folder on the web servers then?

It does not. In fact you probably don't want to try to do client cert auth at the web servers at all.

Also, would this iRule work with a cert bundle configured for the Trusted Certificate Authorities option?

You absolutely need a Trusted Certificate Authorities bundle applied to the client SSL profile for mutual authentication to work. It won't be referenced until you actually renegotiate the SSL session and request a certificate from the client.

I have configured the client profile with one cert and am getting ERR_CONNECTION_RESET.

One cert? Are you talking about the certificate and private key selection in the top of the client SSL profile?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client Authentication Based On URI

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Simple HTTP Authentication server

Pass client cert based on POST data

F5 Client filtering based on cisco switch port info

Client Certificate Authentication - Machine or Client cert APM method

Akamai G20 Header Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS