Forum Discussion
KarimBenyelloul
Cirrostratus
CirrostratusWhich Certificate Fields Does BIG-IP Alter When Using C3D?
Hello everyone, When the C3D feature is enabled, the BIG-IP generates a new client certificate to authenticate to the back-end server. I would like to understand which fields in the newly generated ...
Hello KarimBenyelloul
The issuer and validity period are always changed. The serial number in the C3D-forged certificate is, by default, copied from the original client certificate. However, this is not guaranteed in all cases. There are known bugs (such as Bug ID892485 referenced in KB K00185847) where the serial number may not be acquired or copied correctly, which can cause issues with OCSP validation and caching.
KarimBenyelloulCirrostratus
CirrostratusOk, many thanks.
