Forum Discussion

Cirrus

Jun 27, 2017

On Demand Certificate Authentication with a Self-Signed cert while using a public cert for HTTPS.

Hi all, I have been working to find a solution for my company to secure access to APM. We are wanting to check for a cert on all devices accessing the the APM for authentication and only allow ...

application delivery

BIG-IP Access Policy Manager (APM)

Yann_Desmarest

Cirrus

Aug 17, 2017

Hi,

You may find what you are looking for in the Client Authentication section of the Client SSL profile.

In this section, you can activate Client Certificate Authentication (require, request or ignore)

And you can also define the trusted CAs. In your case, it's your Self Signed certificates

But it's not recommended to use self signed certificates for client authentication because you can't manage revocation status natively. You have to write an irule to retrieve the serial number of the certificate used by the client and check against a daagroup if it's valid or not.

Here a useful link : https://devcentral.f5.com/articles/ssl-profiles-part-8-client-authentication

Hope it helps

Yann

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)