Client SSL profile based on uri

Question

Hello team,&nbsp;I have two client ssl profile one with client authentication and another without client authentication, can we select these profiles based on uri? F5 OS version 14.1.2&nbsp;I tried with iRule for SSL::cert mode request but the browser not requesting for the certificate.&nbsp;when CLIENTSSL_CLIENTCERT { set ssl_cert [SSL::cert 0] } when HTTP_REQUEST {&nbsp;&nbsp;if { [string tolower [HTTP::uri]] starts_with "/test" }&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::collect&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::authenticate always&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::authenticate depth 9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::cert mode request&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SSL::renegotiate&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;HTTP::header insert clientcert "[IP::client_addr]:[TCP::client_port]: cert 0; subject=[X509::subject [SSL::cert 0]];[X509::issuer [SSL::cert 0]]; cert_serial=[X509::serial_number [SSL::cert 0]];"&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;&nbsp;}

dario_garrido · Answer

Hello VishnuVG.&nbsp;Use require instead of request.&nbsp;This example should suit your requirements.REF - https://clouddocs.f5.com/api/irules/SSL__renegotiate.html&nbsp;Regards,Dario.

Forum Discussion

Client SSL profile based on uri

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

SSL Profiles Part 8: Client Authentication

iRule based RADIUS Client Stack

Stop Using the Base TCP Profile!

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

TLS server_name extension based routing without clientssl profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS