Forum Discussion

Cirrus

Mar 06, 2024

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Hi, we have implemented dynamic CRL checking with client SSL profile in our test environment with BIG-IP 15.1. And it works. If a test user tries to establish a SSL session to a VIP with dynam...

Kevin_Stewart
Apr 09, 2024
Spit-balling here, but do you have Client Certificate auth set to Request or Require? The latter will terminate the session if validation fails. The former will not.

Kevin_Stewart

Employee

Apr 09, 2024

Spit-balling here, but do you have Client Certificate auth set to Request or Require? The latter will terminate the session if validation fails. The former will not.

SMilanic
Cirrus
Apr 09, 2024
Hi Kevin,
Yes, in fact, setting the Client cert auth to "Request" instead of "Require" solved the problem.
When the Client cert auth is set to "Request", we can catch the result in an iRule and redirect the client's browser to an error page.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Dynamic CRL Check with Client SSL Profile - How to notify the user?

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

OAuth 2.0 Dynamic Client Registration

An irule to validate client ID via DNS lookup using the stream profile.

Dynamic DNS registration of APM SSL VPN Client to AWS route53

APM Cookbook: Dynamic APM Variables

Dynamic DNS updates for VPN clients

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS