Forum Discussion

Cirrus

Mar 06, 2024

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Hi, we have implemented dynamic CRL checking with client SSL profile in our test environment with BIG-IP 15.1. And it works. If a test user tries to establish a SSL session to a VIP with dynam...

Kevin_Stewart
Apr 09, 2024
Spit-balling here, but do you have Client Certificate auth set to Request or Require? The latter will terminate the session if validation fails. The former will not.

Kevin_Stewart

Employee

Apr 09, 2024

Spit-balling here, but do you have Client Certificate auth set to Request or Require? The latter will terminate the session if validation fails. The former will not.

SMilanic
Cirrus
Apr 09, 2024
Hi Kevin,
Yes, in fact, setting the Client cert auth to "Request" instead of "Require" solved the problem.
When the Client cert auth is set to "Request", we can catch the result in an iRule and redirect the client's browser to an error page.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

OAuth 2.0 Dynamic Client Registration

TLS Fingerprinting to profile SSL/TLS clients without decryption

An irule to validate client ID via DNS lookup using the stream profile.

Dynamic DNS registration of APM SSL VPN Client to AWS route53

APM Cookbook: Dynamic APM Variables

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS