Forum Discussion
Marvin
Cirrocumulus
Apr 12, 2022Request client cert auth based on URL
I am trying to request client cert authentication based on select URL and it works with a whitelist only but when i use the negate in the datagroup with a datagroup including URI string values it doe...
- Apr 20, 2022
Try replacing [SSL::cert 0] with [X509::whole [SSL::cert 0]]
iaine
Nacreous
Apr 13, 2022Hi
Your "not" command looks OK to me. As you are converting to lowercase, are the entries in your data group all in lowercase also? Have you logged the output of HTTP::uri to ensure that you will get a match?
In regard to a specific CA, have you looked at "Advertised Certificate Authorities" in the SSL profile? Also, have you seen Rodrigo's great write up on this? - https://community.f5.com/t5/technical-articles/client-ssl-authentication-on-big-ip-as-in-depth-as-it-can-go/ta-p/281020
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects