What is Mutual SSL authenication

Question

Dear All,&nbsp;
Can someone explain me ssl mutual authenication &amp; how to implement the same in LTM.&nbsp;

kevin_stewart · Answer

Mutual authentication is simply an SSL handshake in which the server requests a certificate from the client. Normal (server authenticated) SSL always sends the server's certificate to the client, which only authenticates the server to the client.&nbsp;
The easiest way to do this is a minor modification to the client SSL profile. In the Client Authentication section of the client SSL profile:&nbsp;

Set Certificate Authentication to "request" or "require". The difference is that one fails open (request) if the client doesn't send a cert or sends a bad cert, and the other fails closed (require).

Apply a CA certificate or CA bundle to the Trusted Certificate Authorities selection. This is the CA, or group of CAs that the BIG-IP will need to form a complete PKI trust chain from the client's certificate to the self-signed root CA. If the user's certificate is issued by the root CA, then you only need that root CA in this selection (you must upload that CA to the BIG-IP first). If the user's certificate is issued by a subordinate CA, then you need a CA bundle that contains all of the CA's in the trust path. The bundle is nothing more that a text file with all of the PEM-formatted CA certificates included.

Forum Discussion

What is Mutual SSL authenication

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

What is Mutual TLS (mTLS)?

Mutual authetication from imperva to F5

Verifying Slack Requests with Mutual TLS

Selective mutual authentication by HTTP::Host

Sample Slack App for testing Mutual TLS with BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS