PSD2 client cert check and passthrough Subject DN

Question

I have been asked to implement a client cert check with external CA's and if the check passes then pass through the client cert Subject DN to the backend application for checking and action by application.

I am an F5 newbie but from my reading I don't want to have to create a certificate bundle on the device as it will need updated as the CA's change.

Any help about how this can be done quickly would be appreciated. I have a pentest scheduled and I want to do a cert check fail and pass

Thanks

Richard

simon_blakely · Answer

&gt; I have been asked to implement a client cert check with external CA's and if the check passes then pass through the client cert Subject DN to the backend application for checking and action by application.&nbsp;You need to use the Client&nbsp;Certificate&nbsp;Constrained&nbsp;Delegation&nbsp;(C3D) feature: &nbsp;K72668381:&nbsp;&nbsp;Overview of the SSL Client Certificate Constrained Delegation feature&nbsp;K14065425:&nbsp;&nbsp;Configuring Client Certificate Constrained Delegation (C3D)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

PSD2 client cert check and passthrough Subject DN

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

X509 Subject Formatting

Passthrough IPSec with AFM

HTTPS passthrough fallback URL

Announcing F5 NGINX Gateway Fabric 1.4.0 with IPv6 and TLS Passthrough

Lightboard Lessons: IPS Passthrough

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS