Forum Discussion

Nimbostratus

Oct 05, 2013

SNI and Client certificate authentication

Hi LTM 11.4.0 VE I want a VS that listens to 443 and terminates TLS 1.0+ https traffic. It should have two Client SSL profiles (with different certificates and hostnames in the certificates...

Nimbostratus

Oct 12, 2013

Thanks for the excellent reply Kevin!

In my case I ended up with two SSL profiles and one OCSP authentication profile and an iRule that send traffic to the correct pool for the type of client as determined by the iRule looking at the certificate in CLIENTSSL_CLIENTCERT.

It seems to work reasonably well. I think we can live with not being able to set different cipher suites on the two SSL profiles.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SNI and Client certificate authentication

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

BIG-IQ Client Certificate (PKI) Authentication

Distributed caching of authentication requests with NGINX Ingress Controller

My Security+ Certification Journey

C3D forged certificate

Authenticating Kubernetes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS