Forum Discussion

Cirrocumulus

Apr 12, 2022

Request client cert auth based on URL

I am trying to request client cert authentication based on select URL and it works with a whitelist only but when i use the negate in the datagroup with a datagroup including URI string values it doe...

application delivery

cert auth

irule

spalande
Apr 20, 2022
Try replacing [SSL::cert 0] with [X509::whole [SSL::cert 0]]

Dario_Garrido

MVP

Apr 13, 2022

Hello Marvin.

Personally, I didn't notice any problem with using negate expressions with data-groups. Maybe with this expression:

if { ! ([class match [string tolower [HTTP::uri]] contains DG_ACC_NO_CERT_AUTH]) }{

In the other hand,

Marvin wrote:

Another side question is that we would like to perform the SSL::renegotiate and request a specific client cert from a certain CA issuer, how could we accomplish that?

You can use "Advertised Certificate Authorities" to select the specific CA issuer.
REF - https://support.f5.com/csp/article/K14783

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Request client cert auth based on URL

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Pass client cert based on POST data

F5 Client filtering based on cisco switch port info

Multiple Algorithms on global VIP based on the group of clients.

Redirect Proxy CONNECT Request at LB level based on URL

Cannot edit "per-request policies" Request status 500

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS