For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sunnypro_250536's avatar
Sunnypro_250536
Icon for Nimbostratus rankNimbostratus
Apr 03, 2018

Client Authentication for 2 Way SSL client SSL profiles

Hello ,   I have a question regarding the 2 Way Client SSL profile. Currently we are using a Client SSL profile for one of the Virtual Server, we are using the Client authentication enabled to hav...
application delivery
client ssl profile
LTM
Kevin_K_51432's avatar
Kevin_K_51432
Historic F5 Account
Apr 03, 2018

Greetings,

 

"we want to restrict the connections by having the actual client certificate to be trusted ,not with the root and intermediate."

 

The signing certificates (root / intermediate) are used only to verify other (client) certificates. By associating the signing certificates in the profile, you are trusting them and the certificates they sign.

 

"we did try adding a client certificate to the LB and remove the root and intermediate from the LB trust, but it never worked. not sure whether this can be implemented or not."

 

If you want to limit the connections to the signed client certificate, ensure the LTM Client SSL profile Client Authentication > Client Certificate option is set to "Required".

 

Hope this is helpful!

 

Kevin