Forum Discussion

Nimbostratus

Nov 16, 2018

Filtering based on client certificate

Hello, I want to make F5 filter user requests based on client certificate so that requests that do not have certificate are not passed to web server. Also, F5 shouldn't authenticate the user. Ho...

Nimbostratus

Nov 16, 2018

Hello,

take a look on client ssl profile. You have whole section there called "Client Authentication" where you define parameters used to determine if client with certain certificate should be allowed or not.

More details here: https://support.f5.com/csp/article/K14783

jakru_162096

Nimbostratus

Nov 19, 2018

Zaklina,

if you need bigip to drop the request you need to actually have that proxy ssl function disabled (this is default). That way your f5 tries to negotiate ssl handshake and if the client does not provide proper certificate it will fail.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Filtering based on client certificate

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

SSL Client Certification Alert 46 Unknown CA

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

BIG-IQ Client Certificate (PKI) Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS