Forum Discussion

Nimbostratus

Oct 05, 2013

SNI and Client certificate authentication

Hi LTM 11.4.0 VE I want a VS that listens to 443 and terminates TLS 1.0+ https traffic. It should have two Client SSL profiles (with different certificates and hostnames in the certificates...

Nimbostratus

Oct 06, 2013

A bit more investigation. Without any authentication profile enabled and just a default SNI ssl client profile and another ssl client profile that uses SNI and a simple irule:

when CLIENTSSL_HANDSHAKE { log local0.debug "My selected sslprofile [PROFILE::clientssl name]" }

I always get the sslprofile name of the profile that is on top in the list in my VS->SSL Profile (Client) even though I send in SNI in my handskake and I get the correct server certificate back.

I would have expected to get the profile name in the log that is corresponding to my SNI clientssl profile...

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SNI and Client certificate authentication

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

Re: Management Certificate

SSL client certificate LDAP authenticate before authorizing

ASM vs to APM vs and client certificates

Client ssl certification bulk installation

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS