For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mike_drennen_16's avatar
mike_drennen_16
Icon for Cirrus rankCirrus
Jun 27, 2017

On Demand Certificate Authentication with a Self-Signed cert while using a public cert for HTTPS.

Hi all,   I have been working to find a solution for my company to secure access to APM. We are wanting to check for a cert on all devices accessing the the APM for authentication and only allow ...
application delivery
BIG-IP Access Policy Manager (APM)
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
Aug 17, 2017

Hi,

 

You may find what you are looking for in the Client Authentication section of the Client SSL profile.

 

In this section, you can activate Client Certificate Authentication (require, request or ignore)

 

And you can also define the trusted CAs. In your case, it's your Self Signed certificates

 

But it's not recommended to use self signed certificates for client authentication because you can't manage revocation status natively. You have to write an irule to retrieve the serial number of the certificate used by the client and check against a daagroup if it's valid or not.

 

Here a useful link : https://devcentral.f5.com/articles/ssl-profiles-part-8-client-authentication

 

Hope it helps

 

Yann