SSL profile in relation to client cert

Question

Hi Everybody,&nbsp;&nbsp;
&nbsp;Here my issue : 
&nbsp;We have 2 clients with different certificates which are authenticated by two different root CA. But those 2 clients have to connect to the same SSL VS on the F5.. &nbsp;
&nbsp;So, to do this, we activate the SSL client profile but we can put only one "Trusted Certificate Authorities" :-/    &nbsp;
&nbsp;So I try to perform this authentication from irule but i couldn't manage..&nbsp;
&nbsp;You can find my irule on the file attached to this thread. My problem is CLIENT_ACCEPTED is loaded before CLIENTSSL_CLIENTCERT. And i can use SSL::profile only with the CLIENT_ACCEPTED Event ....  &nbsp;
&nbsp;Someone can help me to do what I want ? Is it possible ?&nbsp;
&nbsp;Thank you for your help !&nbsp;
&nbsp;Nicolas.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Hi Nicolas, 
&nbsp;  
&nbsp; Can you try cat'ing to the two CA certs together on the command line and then specify that combined bundle as the Trusted Cert Authority in the client SSL profile? 
&nbsp;  
&nbsp; Aaron

hooleylist · Answer

Hi Nicolas, 
&nbsp;  
&nbsp; You can combine two files on the LTM command line using cat: 
&nbsp;  
&nbsp; cat /config/ssl/ssl.crt/ca1.crt /config/ssl/ssl.crt/ca2.crt &gt; /config/ssl/ssl.crt/ca1_ca2_combined.crt 
&nbsp;  
&nbsp; Aaron

Forum Discussion

SSL profile in relation to client cert

Recent Discussions

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

F5 Switches in 'Changes Pending' Status

Related Content

An irule to validate client ID via DNS lookup using the stream profile.

iControl SOAP SSL client profile creation code sample

HTTP with Arbitrary Client SSL Profile

Upgrade APM edge client

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS