Forum Discussion
nuovain
Nimbostratus
NimbostratusSelective mutual authentication by HTTP::Host
Hi all, i'm trying to create an irule but i'm stuck, this is the situation: I only have one vip for two clients with different subdomain ( example1.domain.com and example2.domain.com), there i...
You can create new clientSSL profile with SNI option selected with server name added for the domain who needs mTLS and keep wildcard as default for SNI. So VIP would have 2 clientssl profiles (1 existing wildcard + new sni clientssl profile)
In the new, clientssl profile, you can select the mTLS option require and CA of the client certificate to validate it.
You can also add any custom iRule if needed to validate subjectDN of client cert or sending the cert details to the backend (this is optional as per requirement)
spalande
Nacreous
NacreousYou can create new clientSSL profile with SNI option selected with server name added for the domain who needs mTLS and keep wildcard as default for SNI. So VIP would have 2 clientssl profiles (1 existing wildcard + new sni clientssl profile)
In the new, clientssl profile, you can select the mTLS option require and CA of the client certificate to validate it.
You can also add any custom iRule if needed to validate subjectDN of client cert or sending the cert details to the backend (this is optional as per requirement)
nuovainThanks!
just one last question for curiosity: could i set ssl::verify to use a specific CA chain?