Forum Discussion

Altostratus

Apr 06, 2021

Client SSL cert Move Traffic To CDN -

hi all, i move the app to CDN before the CDN the BIGIP will check the client SSL cert and base on URI allow to access to the site, (some of uri work without the client ssl, and some uris work only i...

Nacreous

Apr 06, 2021

Yes. You would need to build the data group of all valid client certificates.when BIGIP receives the details of the certificate it would match against the known records and take action if either allow or reject. This needs to be done using an iRule.

Serial number is unique per certificate so if someone try to spoof the certificate also SubjectDN (common name) can be the same but Serial Number won't match.

Following are the unique values of the certificate.

SubjectDN and Issuer CA (combination)
Serial Number
Thumbprint

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client SSL cert Move Traffic To CDN -

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

Selective Client Cert Authentication

Passing Client CAC / Smart Card Cert to Application Server

Client Cert Fingerprint Matching via iRules

Filtering traffic based on client ip address and URL

iRule to accept client then SSL cert validation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS