Forum Discussion
Queries related to F5 Certificate Based Authentication.
Hi Subrun, apologies for the delayed reply but I wasn't feeling very well in the last couple of days. BIG-IP will return the client certificate as valid if it's signed by one of the CAs in your Trusted Certificate Authorities file. If you need to restrict access to your specific certificate, you need to use iRules. Here's an example: https://community.f5.com/t5/technical-forum/irule-to-validate-that-the-client-certificate-is-allowed-via-cn/td-p/200156
Also, note that you don't have to have your cert signed by a public CA. You can create your own self-signed CA, create your client certificate and sign it with your self-signed CA, and then you can add your self-signed CA that signed your client certificate to Trusted Certificate Authorities. It works as well.
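The two points in the reply above, reproduced off-box with the `openssl` CLI as an added example (not part of the original post and not F5 code): a lab CA signs two client certificates, both pass chain validation against that CA, and only a CN allowlist tells them apart. The names `Example Lab CA`, `client1`, `client2` and the `ALLOWED_CNS` variable are constructed for illustration.

```shell
#!/bin/sh
# Lab demo; assumes the openssl CLI with its default openssl.cnf is installed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT          # throwaway keys, removed on exit
ALLOWED_CNS="client1"               # constructed allowlist, space separated

make_ca() {       # self-signed CA: the file you would add as the trusted CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Lab CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

issue_client() {  # $1 = common name; key and CSR, then signed by the lab CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

chain_ok() {      # $1 = common name; chain validation only
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

cert_cn() {       # $1 = common name of the file; prints the CN read from the cert
    openssl x509 -in "$WORK/$1.crt" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//p' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

allowed() {       # chain validation AND the CN must be on the allowlist
    chain_ok "$1" || return 1
    cn=$(cert_cn "$1")
    case " $ALLOWED_CNS " in *" $cn "*) return 0 ;; *) return 1 ;; esac
}

make_ca
issue_client client1
issue_client client2
for c in client1 client2; do
    chain_ok "$c" && echo "$c: chain valid against lab CA"
    if allowed "$c"; then echo "$c: allowed"; else echo "$c: denied by CN allowlist"; fi
done
```

Both certificates report a valid chain, which is why CA trust alone does not restrict access to one specific client certificate.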