Forum Discussion

Cirrocumulus

Apr 12, 2022

Solved

Request client cert auth based on URL

I am trying to request client cert authentication based on select URL and it works with a whitelist only but when i use the negate in the datagroup with a datagroup including URI string values it doe...

application delivery

cert auth

irule

spalande
Apr 20, 2022
Try replacing [SSL::cert 0] with [X509::whole [SSL::cert 0]]

iaine

Nacreous

Apr 13, 2022

Your "not" command looks OK to me. As you are converting to lowercase, are the entries in your data group all in lowercase also? Have you logged the output of HTTP::uri to ensure that you will get a match?

In regard to a specific CA, have you looked at "Advertised Certificate Authorities" in the SSL profile? Also, have you seen Rodrigo's great write up on this? - https://community.f5.com/t5/technical-articles/client-ssl-authentication-on-big-ip-as-in-depth-as-it-can-go/ta-p/281020

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Request client cert auth based on URL

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

4600 rSeries tenant resizing and HA Dependency

DOSl7 reset learning database voor automatic mode

vlan associated with 2 selfIP on different subnets

Ssl profile different in case of retry

smtp port vs 25 and pool member 587

Related Content

Using Client Subnet in DNS Requests

iRule based RADIUS Client Stack

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

How to nexthop all requests from VPN clients?

Implementing Client Subnet DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS