mutual SSL Certificate Verify event

Question

Hi,&nbsp;
in the context of mutual TLS, I'd like to intercept the certificate verify (digitally signed with client's cert private key) message sent by the client to the F5.&nbsp;
I could not find the appropriate event to look for - I've seen the CLIENT_HANDSHAKE but it does not seem to fit my need. Nor the others listed in the documentation. &nbsp;
How can I intercept and read that particular message? I want to be able to save it for revalidation of the key (troubleshooting+revalidation), but I cannot understand how to grab it in the first place.&nbsp;
Cheers,
M&nbsp;

surgeon · Answer

If my understanding is right, you want big-ip authenticate client based on it's certificate. The connection should not be initiated until client presents it's certificate.&nbsp;
If I am right then you need to configure Client Authentication in applied client ssl profile.&nbsp;
https://support.f5.com/csp/article/K14783&nbsp;

surgeon · Answer

Look here https://support.f5.com/csp/article/K16700&nbsp;

Forum Discussion

mutual SSL Certificate Verify event

Recent Discussions

F5 ASM CEF Sending Logs in Specific TimeZone

Inquiry About the "ast-api-discovery" Repository

SNI Sites not taking correct certificate.

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Can i apply ddos profile on virtual server using port range

Related Content

Verifying Slack Requests with Mutual TLS

What is Mutual TLS (mTLS)?

why the device certificate verify failed when the device certificate is not expired?

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS