Forum Discussion

Nimbostratus

Feb 05, 2020

Configuring F5 to reliably request pin when CAC card certificate selected

We have a website behind an F5 which is currently configured through an IRULE to request a CAC card certificate when a secure sub directory is requested. This works fine and when I present my email ...

Employee

Feb 18, 2020

To understand your configuration: Do you have an APM profile assigned to the VIP that is supporting the application in question?

---------------

-If the users are internal only, on the same domain as the application, you are accessing the site via Kerberos or NTML.

-you can verify via Powershell by typing the following:

> klist

*Press Enter

-Below is an example of what you will see:

#1 will be the SPN / URL of the application or site you are accessing.

-Example site: fimportal.corp.contoso.com

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Configuring F5 to reliably request pin when CAC card certificate selected

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

Cannot ping external interface

HA Failover between two Datacenters

LTM issue Openning new web browser tab

Related Content

Certificate Expiry Email alert configuration

Automating Certificate Management on F5 BIG-IP

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Automating ACMEv2 Certificate Management on BIG-IP

Adopting Site Reliability Engineering with F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS