For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Philip_Lee_6609's avatar
Philip_Lee_6609
Icon for Nimbostratus rankNimbostratus
Sep 21, 2007

SSL cilent certificate authentication

We have a web application (BigIP LTM -> iplanet web servers -> websphere application server).     The web application requires client certificate authentication and HTTPS.     We want to t...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 12, 2009
Hi Zafer,

 

 

Can you elaborate on what you're trying to accomplish, what you've tried and what is not working?

 

 

You can use the client SSL profile's option for client cert to change how LTM handles client certs for a VIP. To require a client cert for all requests, set the client cert mode to require. Clients who make requests without a valid client cert will receive a TCP reset. If you want to handle this more gracefully, you can set the mode to request and then use SSL::verify_result (Click here) to check the validity of the cert. You could then send an HTTP response to clients who do not present a valid cert.

 

 

Aaron