Forum Discussion

Nimbostratus

Jun 22, 2011

Client Certificate Authentication

Hello Everyone, I was given a .arm file to install on the F5 . What would be the best way to do client certificate authentication using the file I was given?

Cirrostratus

Jun 22, 2012

Hi Sojan,

In SSL, the server (LTM in this case) can specify the CA issuer cert(s) that it will accept but not tell the client to provide a specific certificate. For LTM, you can select one or more CA certs to send to the client in the SSL handshake using the client SSL profile's trusted CA bundle setting. Within an iRule, you can check for the attributes and either reject the handshake, send an HTTP response, etc if the client cert isn't considered valid.

sol10167: Overview of the Client SSL profile

https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client Certificate Authentication

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

Re: Management Certificate

SSL client certificate LDAP authenticate before authorizing

ASM vs to APM vs and client certificates

Client ssl certification bulk installation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS