Forum Discussion

Altostratus

Nov 08, 2018

SSL client Cert reuqest per URL

Hi I have LTM only how I can deploy client certificate request in specific URL if client go to the /example he doesn't need a certificate If he goes to /secure URL in the same VIP the client needs...

Employee

Nov 09, 2018

You can see a goo example here: https://devcentral.f5.com/wiki/iRules.SSL__renegotiate.ashx

But to be clear, you cannot change the attributes of an existing SSL session (OSI layer 6) based on HTTP information (layer 7). In other words, by the time you can see the HTTP URI, you've already processed the SSL. The above link shows an iRule method to force SSL renegotiation and to prompt for a cert (SSL::cert mode require). You can also more easily do this with "step-up authentication" in APM.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL client Cert reuqest per URL

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Selective Client Cert Authentication

Request client cert auth based on URL

Client Cert Fingerprint Matching via iRules

Client Cert Request by URI with OCSP Checking

Client Cert validation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS