Forum Discussion
Erki_Märks_2779
Nimbostratus
NimbostratusSSLRequire
Is there a option like SSLRequire in apache for bigip?
I whould like to know if the following is possible in bigip
SSLRequire %{SSL_CLIENT_I_DN_O} eq "test"
Erki_Märks_2779Nimbostratus
NimbostratusSince i didn't find a way to turn on the Advertised Certificate Authorities option from a irule, then one of the solutions seems to be to make a clientssl profile as follows (you can't enable 'client cert ca "id_ee.crt"' from the GUI, but what you can do is to edit the bigip.conf with a text editor and then "b load"):
profile clientssl idauth_optional {
defaults from clientssl
key "web.key"
cert "web.crt"
ca file "id_ee.crt"
client cert ca "id_ee.crt"
peer cert mode ignore
}
