Forum Discussion

Altostratus

Nov 08, 2018

SSL client Cert reuqest per URL

Hi I have LTM only how I can deploy client certificate request in specific URL if client go to the /example he doesn't need a certificate If he goes to /secure URL in the same VIP the client needs...

Kevin_Stewart

Employee

Nov 09, 2018

You can see a goo example here: https://devcentral.f5.com/wiki/iRules.SSL__renegotiate.ashx

But to be clear, you cannot change the attributes of an existing SSL session (OSI layer 6) based on HTTP information (layer 7). In other words, by the time you can see the HTTP URI, you've already processed the SSL. The above link shows an iRule method to force SSL renegotiation and to prompt for a cert (SSL::cert mode require). You can also more easily do this with "step-up authentication" in APM.

Forum Discussion

SSL client Cert reuqest per URL

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Related Content

Selective Client Cert Authentication

Client Cert Fingerprint Matching via iRules

Client Cert Request by URI with OCSP Checking

Request client cert auth based on URL

Client Cert validation