F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Andy_4962's avatar
Andy_4962
Icon for Nimbostratus rankNimbostratus
Feb 02, 2010

Client Certificate Request on demand

Hello group!     I can not seem to get a client cert request to appear to the end user a second time in a single session.     For authentication purposes, I want to allow the end...
application delivery
dev
devops
iRules
Andy_4962's avatar
Andy_4962
Icon for Nimbostratus rankNimbostratus
Feb 03, 2010
Aaron,

 

 

Your on the right track now, sorry it was hard to explain.

 

 

I logged the SSL::sessionid and with or without SSL::session invalidate the session ID is changed, but no, still no additional prompt from IE7. I suspected the browser was causing that, but I can't find a setting to force it to prompt at each new SSL negotiation.

 

 

I have performed TCP dumps as suggested, and it looks like the BigIP is acting as it should. I can see the re-negotiation occuring and the client being prompted for a cert, and it looks like the client is returning the same response. I am moving on to test with different browsers to try to verify that this is a client side issue. Since I have little to no control of the end users browser, if I can't find a way to trick the browser into restarting it's session, I may be stuck. I'll post more info after testing.

 

 

Thanks!

 

Andy