F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

mikegray_198028's avatar
mikegray_198028
Icon for Cirrus rankCirrus
Apr 25, 2016

external client authetication certificate

hello team   Can we use external client authentication certificate, if so is there any security issue?  
application delivery
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 26, 2016

Ah, I see. Well, as Josiah answered in your other post (https://devcentral.f5.com/questions/client-authentication-user-authentication-certificates?, once consumed the BIG-IP will have access to all of the X509 data from the certificate. The CA bundle provides a trust mechanism to complete the SSL handshake. You then need to provide a mechanism to validate the contents of the certificate. Take a look at the X509 section in the wiki for some ideas on how to handle this in iRules.

 

https://devcentral.f5.com/wiki/iRules.X509.ashx