SSL Profiles Part 8: Client Authentication

This is the eighth article in a series of Tech Tips that highlight SSL Profiles on the BIG-IP LTM.  SSL Overview and Handshake SSL Certificates Certificate Chain Implementation Cipher Suite...
Updated Mar 25, 2023
Version 3.0
LTM
security
series-the-ssl-profile
ssl
tech tip
Daniel_Rodrigue's avatar
Daniel_Rodrigue
Icon for Nimbostratus rankNimbostratus
Feb 28, 2019

We had try Client Authentication successfully with a self-signed Certificate by the Client, importing this Client Certificate on the F5 and setting it on the SSL Client Profile as "Trusted Certificate Authorities".

 

Now we want the Client to use a certificate signed by a CA (lets say "DigiCert"), if I install the CAs on the F5 and configure it on the profile... Anyone with a Certificate signed by DigiCert will be approved... right?

 

But we don't want this....

 

We would like to approve only an specific client... but as the communication will be public so, a Cert CA signed should be the "go to" solution...

 

In this case, a self-signed could be the best option? or Is there a way to only "approve" an specific Certificate, and also check its CAs?

 

Thank you