Forum Discussion

Altocumulus

Nov 25, 2024

iRule for client certificate verification and inserting CN

Hi dears, I am trying to write an irule for the below conditions Need to verify the client certificate available and valid otherwise 401 response for unauthorized clients, because this does n...

application delivery

security

zamroni777

MVP

Nov 29, 2024

tls session must be created before http session begins (including client's first http request).

in order for f5 to be able to send http 401, then you have to ALLOW ALL clients tls session setup requests, regardless of the client tls cert validity.
and then use when HTTP_REQUEST to be able to read request URL and evaluate client certificate
(use Request mode instead of Require in vserver's client side ssl profile: https://my.f5.com/manage/s/article/K14819)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule for client certificate verification and inserting CN

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Automating Certificate Management on F5 BIG-IP

Configure NGINX microgateway for MTLS termination and client certificate hash verification

Strict header Insertion

Automating ACMEv2 Certificate Management on BIG-IP

Insert Client Certificate In Serverside HTTP Headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS