For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

WCP_183386's avatar
WCP_183386
Icon for Nimbostratus rankNimbostratus
Jan 20, 2015

F5 to Jboss

I'd like to use F5 to loadbalance over some Jboss servers (no httpds), also terminating mutually-authenticated SSL at the F5.   How do I get the client's certificate subject name into Jboss to ch...
application delivery
deployment
LTM
security
WCP_183386's avatar
WCP_183386
Icon for Nimbostratus rankNimbostratus
Jan 20, 2015

I figured F5 would provide the validation of the certificate against the trust store, but not subject name checking. Can F5 check that the certificate actually names a subject that we specify as a valid user? e,g, CN=somename.we.allow ??

 

Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Jan 20, 2015
That's what the purpose of the Trusted Certificate Authority and the CRL is for. It assumes any certificate issued by the authority not in the CRL is a valid certificate. Checking each subject is redundant to validating the certificate is issued by the root and is not necessarily really security since the subject can easily be spoofed by a different issuer. This is why many use a specific intermediate for issuer for client certs for a specific site.