Forum Discussion
client ssl profile update for issuer presented
Hi - my clients are using multiple certificate issuers
so i need to apply ssl profile depending on the client certificate issuer.
if i use the ssl::profile command in rule - it can only be applied within client accepted
how can i switch ssl profile after client SSL certificate is presented and issuer is validated.
if
[X509::issuer [SSL::cert 0] = "ABC"
ssl::profile client_abc
else
ssl::profile client_xyz
thanks
server's request for client certificate happens after client hello and server hello.
so it's not possible to switch ssl profile after client sends certificate.you can try workaround using http redirect to https vserver that uses intended ssl profile.
How To Configure BIG-IP Part 8 - Client Authentication
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com