Forum Discussion

Willda71_98408's avatar
Willda71_98408
Icon for Nimbostratus rankNimbostratus
Sep 28, 2011

SSL/NON-SSL

        Hi there,       i originally posted this in the security group but a member said Id be better off posting it here. He said i could achieve what...
application delivery
dev
devops
iRules
Michael_Yates's avatar
Michael_Yates
Icon for Nimbostratus rankNimbostratus
Sep 28, 2011
Hi Willda71,

 

 

Yes. The F5 can detect if the Client has a Client SSL Certificate. This is configured in the Client side SSL Profile (what is applied in the Virtual Server under SSL Profile (Client)).

 

 

To configure the profile you go to (on v10.x.x): Profiles -> SSL -> Client

 

 

Select the Client SSL Profile (or create a custom SSL Profile (Recommended)) and scroll down to the "Client Authentication" Area. The help for these options are pretty good so you should not have any problems configuring the base requirements.

 

 

You will then need to decide what to do with what you get. That is all pretty much handled by an iRule. I would suggest reading up on the iRule event that you will be needing (CLIENTSSL_CLIENTCERT): http://devcentral.f5.com/wiki/iRules.CLIENTSSL_CLIENTCERT.ashx

 

 

Here is a really good example. This iRule requests a Client SSL Certificate based on the URI:

 

http://devcentral.f5.com/wiki/iRules.client_cert_request_by_uri_with_ocsp_checking.ashx