Forum Discussion
Muhammad_Irfan1
Cirrus
Nov 29, 2014
Server and client certificate CN should match or not in client authentication
During client authentication set to require.
F5 certificate CN and Client certificate CN should match?
I uploaded CA bundle through GUI but that is not shown in
/config/file...
- Nov 29, 2014
F5 certificate CN and Client certificate CN should match?
No, the CN should not be the same because they authenticate different things (one authenticates the server but the other one authenticates the client).
I uploaded CA bundle through GUI but that is not shown in /config/filestore/files_d/Common_d/certificate_d
I understand it is correct. trust_certificate_d is for device trust.
nitass_89166
Noctilucent
Nov 30, 2014
I do not know what the full name of CHecking.crt in filestore is and what and where the client certificate file is. Anyway, this is an example.
openssl verify -verbose -CAfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:chain.crt_39032_1 /var/tmp/client2.crt
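Added example (not part of any post in this thread, and not F5 code): a throwaway lab PKI showing that a server and a client certificate with different CNs both chain to the same CA bundle with openssl verify, and that OpenSSL's -purpose sslclient check additionally looks at the certificate's extended key usage. All names, CNs and file names are constructed; whether BIG-IP applies the same purpose check is not stated in the thread.

```sh
#!/bin/sh
# Added example: constructed lab PKI (all names and CNs are made up, not from the thread).
# root CA -> intermediate CA -> one server cert and one client cert with different CNs.

# issue <name> <CN> <extension section> <issuer name>: key + CSR, signed by the issuer
issue() {
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$4.crt" -CAkey "$4.key" -CAcreateserial \
    -extfile pki.cnf -extensions "$3" -days 2 -out "$1.crt" 2>/dev/null
}

# build_lab <dir>: create the hierarchy and the CA bundle inside <dir>
build_lab() {
  cd "$1" || return 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
extendedKeyUsage = serverAuth
[client]
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -config pki.cnf -extensions ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.crt -subj "/CN=Lab Root CA" -days 2 2>/dev/null &&
  issue int "Lab Intermediate CA" ca root &&
  issue server "vs.lab.example" server int &&
  issue client "client-001" client int &&
  cat int.crt root.crt > chain.crt   # the bundle the verifying side holds
}

# cn_of <cert>: print the subject CN (these subjects contain only a CN)
cn_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=CN=//'; }

# verify_as <purpose> <cert>: chain check against the bundle plus a purpose check
verify_as() { openssl verify -CAfile chain.crt -purpose "$1" "$2" >/dev/null 2>&1; }

LAB=$(mktemp -d) && build_lab "$LAB" || exit 1
echo "server CN=$(cn_of server.crt)  client CN=$(cn_of client.crt)"
verify_as sslclient client.crt && echo "client.crt: accepted as a TLS client cert"
verify_as sslclient server.crt || echo "server.crt: same issuer, rejected as a TLS client cert"
```

Without -purpose, openssl verify checks only the chain to the bundle, so server.crt would also report OK in that mode.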
Muhammad_Irfan1
Cirrus
Nov 30, 2014
I have uploaded the CA bundle, but when looking into that certificate_d folder it has been converted into the 3 CA certificates which the bundle contained.
Now I am scratching my head.
1. Server authentication is successfully done.
2. Now client authentication is not working.
3. The certificate authority of both the F5 and client certificates is the same.
4. The certificate authority has 2 intermediate and 1 root cert, put in the browser, converted into a bundle and put in F5 as well.
5. Will any certificate issued by mobilink to a client work, or for this application will the client certificate have something unique which identifies that this certificate is for this app?
6. Have you performed client authentication before? I want all the clients to have the same cert, and F5 will not have that cert; F5 will only have the CA bundle to validate the client cert, right?
7. If that same bundle is working in server authentication, then the same bundle should work in client authentication, as the issuer of both is the same.
8. The testing I am doing is with a cert which was for some other purpose but issued by mobilink, so that will work for client authentication as well, right, as F5 only checks the issuer?