Hi, We are doing client certificate authentication using client ssl profile with request setting and it is working. We want to achieve following (requirement is little weired) - Anyone coming without client certificate, should be able to connectAny client who presents its certificate to server should be able to connect only if it has specific CN. The point2 would require the irule otherwise clients with any CN would be able to connect. Thanks

What's the point? If they present a bad certificate they could just stop sending a certificate and be able to get in. And checking the CN is not a very secure thing to check since it could be a faked value. You could potentially give a malicious person access to something you're trying to protect.

Forum Discussion

Nuruddin_Ahmed_

Cirrostratus

Sep 01, 2016

irule for cn value client certificate authentication

Hi, We are doing client certificate authentication using client ssl profile with request setting and it is working. We want to achieve following (requirement is little weired) -

Anyone coming without client certificate, should be able to connect
Any client who presents its certificate to server should be able to connect only if it has specific CN.

The point2 would require the irule otherwise clients with any CN would be able to connect.

Thanks

application delivery

BIG-IP

LTM

1 Reply

ekaleido
Cirrus
Sep 01, 2016
What's the point? If they present a bad certificate they could just stop sending a certificate and be able to get in. And checking the CN is not a very secure thing to check since it could be a faked value. You could potentially give a malicious person access to something you're trying to protect.