For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zaid_Rufaie_297's avatar
Zaid_Rufaie_297
Icon for Nimbostratus rankNimbostratus
Mar 10, 2011

One to one SSL Mapping

Hi All,

 

 

On Microsoft IIS, we can do a one-to-on certificate mapping so each user has his/her own certificate embedded in the browser for authentication.

 

 

Can we do the same in Firepass by anyhow?? Or better if we can do it using BIG-IP APM???

 

 

Thanks,

 

 

 

BIG-IP Access Policy Manager (APM)
remote access
security

4 Replies

  • Mike_61719's avatar
    Mike_61719
    Icon for Cirrus rankCirrus
    Mar 21, 2011
    Are you referring to seperate certificates for each user? So Mike will have certificate 1 and Zaid will have a different certificated 2?
  • Minn_62043's avatar
    Minn_62043
    Icon for Cirrostratus rankCirrostratus
    Jun 16, 2011
    In FirePass, you can add "Client Cert Check" in Pre-logon sequence.

     

    Users > Endpoint Security > Pre-Logon Inspection > Client Certificates

     

     

    And edit the rule to match something in the current session variables. (e.g if you have a specific CN name that matches some of the unique user session variables).

     

     

    I haven't tested, though =)
  • Mike_61719's avatar
    Mike_61719
    Icon for Cirrus rankCirrus
    Jun 30, 2011
    Posted By Zaid Rufaie on 06/15/2011 02:47 AM

     

    Sorry for the late reply! Yes this is exactly what i meant.

     

     

    Yes, you can do this. You either need a certificate server or use a local user accounts within Firepass to generate unique certificates.