F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

SSL Profiles Part 8: Client Authentication

This is the eighth article in a series of Tech Tips that highlight SSL Profiles on the BIG-IP LTM. SSL Overview and Handshake SSL Certificates Certificate Chain Implementation Cipher Suite...

Updated Mar 24, 2023

Version 3.0

LTM

security

series-the-ssl-profile

ssl

tech tip

ltwagnon

Ret. Employee

Joined May 15, 2019

View Profile

ltwagnon

Ret. Employee

Mar 06, 2019

Hi Daniel...great question! Yes, if you install a certificate signed by a CA (like DigiCert), then clients with that signed certificate would be able to connect. The BIG-IP would effectively be told to accept connections from a signed DigiCert (or whatever you use) certificate. You could move back to the self signed cert if you want. But, I'm wondering if there's another solution for accepting clients. Maybe you could try other options rather than having to use Client Authentication? Obviously I don't know all the details of your setup, but I'm just thinking there might be some other ways to accept some clients and not others. Do you have ASM running by chance?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

SSL Profiles Part 8: Client Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS