mlanghorst
Apr 04, 2023

APM On-Demand cert auth failing for curl command line client

Had a requirement for a site that was moving from Apache with ACLs over to F5 in front of an Apache instance, that only requires user certificate authentication for a specific /uri. For the SSL profile, I have to leave it at ignore, as request would always request a cert even for the other URIs.

In an iRule I have an if statement in the HTTP_REQUEST block that says if the uri startswith /blah ACCESS::enable, else ACCESS::disable.

This works as desired for a browser client, but when using:
curl -k --cert ./mlanghorst_cert.pem --key ./mlanghorst_key.pem --cacert CA5_bundle.pem https://mydomain/protected_path/index.html

It doesn't seem to present the cert to the F5; since the SSL profile is ignore, it doesn't seem to renegotiate for the client cert.

Ideas on how to fix this?

3 Replies