Forum Discussion

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Apr 12, 2022
Solved

Request client cert auth based on URL

I am trying to request client cert authentication based on select URL and it works with a whitelist only but when i use the negate in the datagroup with a datagroup including URI string values it doe...
application delivery
cert auth
irule
  • spalande's avatar
    spalande
    Apr 20, 2022

    Try  replacing [SSL::cert 0] with [X509::whole [SSL::cert 0]]

iaine's avatar
iaine
Icon for Nacreous rankNacreous
Apr 13, 2022

Hi

Your "not" command looks OK to me.  As you are converting to lowercase, are the entries in your data group all in lowercase also?  Have you logged the output of HTTP::uri to ensure that you will get a match?

In regard to a specific CA, have you looked at "Advertised Certificate Authorities" in the SSL profile?  Also, have you seen Rodrigo's great write up on this? - https://community.f5.com/t5/technical-articles/client-ssl-authentication-on-big-ip-as-in-depth-as-it-can-go/ta-p/281020