For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sebas_82058's avatar
Sebas_82058
Icon for Nimbostratus rankNimbostratus
Jun 18, 2014

Two-way SSL authentication with self-signed client certificate

Hi, we're trying to implement a two-way SSL authentication against one of our virtual servers.   We have a certificate for our virtual server, which is signed by a CA and is working just as expect...
application delivery
LTM
security
Neeraj_Jags_152's avatar
Neeraj_Jags_152
Icon for Cirrus rankCirrus
Nov 05, 2014

I configured as per two way auth in F5 LB LTM ver 11.x as per below: - Client side SSL configured Server side SSL configured with key & cert and same key and cert are exist on pool member server.

 

Only server side SSL auth is working but Client auth is not working:- take this way. Client shared a open.ssl self signed certificate let say client_cert.cer I have imported client_cert.cer in F5. then When I configuring the SSL Client Profile, I selected the client_cert.cer in drop down box of Trusted Certificate Authorities :-- .. is this configuration TRUE, or will I need the different CA certificate from client

 

nitass's avatar
nitass
Icon for Employee rankEmployee
Nov 05, 2014
>I read, somewhere, that we can just set the mode to request and then add an iRule to validate the certificate. Is that possible? yes, i think so. for trusted certificate authorities setting, you can leave it none. Client Certificate CN Checking (The second example)   https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html >When I configuring the SSL Client Profile, I selected the client_cert.cer in drop down box of Trusted Certificate Authorities :-- .. is this configuration TRUE i think it could work too but i think the codeshare is more flexible. hope this helps.