Forum Discussion

Nimbostratus

Nov 16, 2018

Filtering based on client certificate

Hello, I want to make F5 filter user requests based on client certificate so that requests that do not have certificate are not passed to web server. Also, F5 shouldn't authenticate the user. Ho...

Nimbostratus

Nov 16, 2018

Hello,

take a look on client ssl profile. You have whole section there called "Client Authentication" where you define parameters used to determine if client with certain certificate should be allowed or not.

More details here: https://support.f5.com/csp/article/K14783

jakru_162096

Nimbostratus

Nov 19, 2018

Zaklina,

if you need bigip to drop the request you need to actually have that proxy ssl function disabled (this is default). That way your f5 tries to negotiate ssl handshake and if the client does not provide proper certificate it will fail.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Filtering based on client certificate

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

BIG-IQ Client Certificate (PKI) Authentication

SSL Client Certification Alert 46 Unknown CA

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS