Forum Discussion

Altostratus

Jun 13, 2019

Client cert auth, more than advertised CA filtering?

We currently use client cert auth using smart cards at my organization. There is a push to move from one CA's certificates to another CA's certificates. There are 3 certificates on each smart card, o...

application delivery

BIG-IP Access Policy Manager (APM)

LTM

stan_piron

Cumulonimbus

Jun 13, 2019

you Should request the IETF to add such filter in tls specifications...

in tls 1.2, section 7.4.4, the certificate request message structure is the following

struct {

ClientCertificateType certificate_types<1..2^8-1>;

SignatureAndHashAlgorithm

supported_signature_algorithms<2^16-1>;

DistinguishedName certificate_authorities<0..2^16-1>;

} CertificateRequest;

F5 can’t send client more information than described in this message

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client cert auth, more than advertised CA filtering?

Recent Discussions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS