Forum Discussion

Nimbostratus

Jun 22, 2011

Client Certificate Authentication

Hello Everyone, I was given a .arm file to install on the F5 . What would be the best way to do client certificate authentication using the file I was given?

Cirrostratus

Jun 22, 2012

Hi Sojan,

In SSL, the server (LTM in this case) can specify the CA issuer cert(s) that it will accept but not tell the client to provide a specific certificate. For LTM, you can select one or more CA certs to send to the client in the SSL handshake using the client SSL profile's trusted CA bundle setting. Within an iRule, you can check for the attributes and either reject the handshake, send an HTTP response, etc if the client cert isn't considered valid.

sol10167: Overview of the Client SSL profile

https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client Certificate Authentication

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

BIG-IQ Client Certificate (PKI) Authentication

SSL Profiles Part 8: Client Authentication

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

Client Authentication with certificate on one URI only

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS