For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nuruddin_Ahmed_

Icon for Cirrostratus rank

Cirrostratus

Sep 05, 2016

require client authentication certificate

Hi,

by default, require client authentication certificate validates what parameters? is it just validates the root & intermediate certificates?

Regards

application delivery

1 Reply

Kevin_Stewart
Employee
Sep 05, 2016
It's going to check at least 2 things:

Certificate validity, which includes X.509 structure and constraints, and validity times

Trust, which must be established from the client cert all the way up to the self-signed root CA. In (I believe) 11.4 and above, the client SSL profile has that ability to consume subordinates (but not the root) from the handshake in order to assist in building the chain, but otherwise the Trusted Certificate Authorities "bundle" must contain the root and every subordinate in the chain path.

A third and optional validation is revocation status, which would come from a CRL.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5