Forum Discussion

Nimbostratus

Apr 29, 2024

(How) can I get two client certificates in one APM session?

I have a customer with iPads that need to authenticate to APM with a user certificate. This has been working fine, but there is also now need to read a field from a per-device certificate on each iPa...

BIG-IP Access Policy Manager (APM)

cert auth

clientssl

Lucas_Thompson

Employee

Apr 30, 2024

You should be able to simply use multi-domain SSO (it allows multiple hostnames to share the same APM session) with two DNS names and use two vips (each with a separate "advertised CAs" setting in the clientssl profile so hopefully the client doesn't get a popup to choose the cert), attached to the same access profile, and collect the second certificate once the session is established inside of a per-request policy.

Testing and setting this up would be somewhat complex.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

(How) can I get two client certificates in one APM session?

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

Re: Management Certificate

ASM vs to APM vs and client certificates

Client ssl certification bulk installation

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS