Forum Discussion

Spidey_29396's avatar
Spidey_29396
Icon for Nimbostratus rankNimbostratus
Feb 27, 2014

How to deploy client authentication(require) using F5's self-signed certificate

Hi All,   Is there any deployment guide using client authentication require. whenever i try to change the Client Certificate option to require, it doesn't work but if change to auto,request and no...
application delivery
availability
deployment
design
LTM
TMOS
Rafa_Ayala's avatar
Rafa_Ayala
Icon for Nimbostratus rankNimbostratus
May 27, 2015

Hi ,

 

In the sol : https://support.f5.com/kb/en-us/solutions/public/14000/400/sol14499.html

 

To create the Client SSL profile, use the following command syntax: create /ltm profile client-ssl ca-file client-cert-ca cert key peer-cert-mode require

 

For example, to create a new Client SSL Profile sample-clientssl by using the client certificate client1-cert, the client key client1-key, require client certificate mode, and the trusted CA and Advertised Certificate Authorities is clientCA-cert, type the following command: create /ltm profile client-ssl sample-clientssl ca-file clientCA-cert.crt client-cert-ca clientCA-cert.crt cert site-cert.crt key site-key.key peer-cert-mode require

 

What are these certificates? ( site-cert.crt key site-key.key )

 

Thank you

 

  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    May 27, 2015
    Hi, Those are your web server cert and key used for standard SSL Handshake by server to which client is connecting. So the ones you have to set for clientssl profile without client authentication. I GUI you are setting those for clientssl profile in Configuration section - Certificate and Key fields. Piotr