Forum Discussion

Cirrocumulus

Apr 12, 2022

Request client cert auth based on URL

I am trying to request client cert authentication based on select URL and it works with a whitelist only but when i use the negate in the datagroup with a datagroup including URI string values it doe...

application delivery

cert auth

irule

spalande
Apr 20, 2022
Try replacing [SSL::cert 0] with [X509::whole [SSL::cert 0]]

iaine

Nacreous

Apr 13, 2022

Your "not" command looks OK to me. As you are converting to lowercase, are the entries in your data group all in lowercase also? Have you logged the output of HTTP::uri to ensure that you will get a match?

In regard to a specific CA, have you looked at "Advertised Certificate Authorities" in the SSL profile? Also, have you seen Rodrigo's great write up on this? - https://community.f5.com/t5/technical-articles/client-ssl-authentication-on-big-ip-as-in-depth-as-it-can-go/ta-p/281020

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Request client cert auth based on URL

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Pass client cert based on POST data

F5 Client filtering based on cisco switch port info

Multiple Algorithms on global VIP based on the group of clients.

Redirect Proxy CONNECT Request at LB level based on URL

Cannot edit "per-request policies" Request status 500

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS