I need some clarification regarding client authentication via certificate.
On our website, we have to make only one of our clients access a specific URI via certificate, while all the other customers will continue to access all the other URIs without any certificate.
The first starting point is in the client SSL profile, where we should set Client Authentication to "REQUEST" in order to terminate the handshake even if the certificate is not correct or no certificate is sent by the client.
Our goal is that F5, when sending the Certificate Request packet, asks the client for a specific certificate rather than allowing it to send any certificate.
To do this, do we have to configure, in the client SSL profile, the Advertised Certificate Authority with the CA that generated the certificate we are expecting? Is that correct?
With this setting, are the Distinguished Names relating to the certificate then populated in the Certificate Request packet, and will the browser only propose sending this specific certificate and not other certificates?
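
Added example (not part of the original post and not F5 code): in TLS 1.2 the CA names the question refers to travel in the `certificate_authorities` field of the CertificateRequest message (RFC 5246, section 7.4.4). The Python below parses that field so the advertised DNs can be checked, for instance against a handshake capture; the sample message, its DN and all function names are constructed for illustration.

```python
import struct

OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O"}  # DER-encoded OIDs

def tlv(buf, pos):
    """Read one DER TLV at pos; return (value, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, needed for DNs over 127 bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def decode_name(der):
    """Render an X.501 Name: SEQUENCE OF SET OF SEQUENCE {oid, value}."""
    rdns, _ = tlv(der, 0)
    out, pos = [], 0
    while pos < len(rdns):
        rdn, pos = tlv(rdns, pos)
        atv, _ = tlv(rdn, 0)      # first attribute of the RDN only
        oid, p = tlv(atv, 0)
        val, _ = tlv(atv, p)
        out.append(f"{OIDS.get(oid, oid.hex())}={val.decode('utf-8', 'replace')}")
    return ",".join(out)

def advertised_cas(body):
    """Return the CA DNs in a TLS 1.2 CertificateRequest body (RFC 5246, 7.4.4)."""
    pos = 1 + body[0]                                   # skip certificate_types
    pos += 2 + struct.unpack_from(">H", body, pos)[0]   # skip signature algorithms
    end = pos + 2 + struct.unpack_from(">H", body, pos)[0]
    pos, names = pos + 2, []
    if end > len(body):
        raise ValueError("truncated certificate_authorities")
    while pos < end:
        n = struct.unpack_from(">H", body, pos)[0]
        names.append(decode_name(body[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return names  # empty list: the client may send any certificate of a requested type

# Constructed sample: one advertised CA, C=US,O=Example Corp,CN=Example Client CA.
enc = lambda tag, v: bytes([tag, len(v)]) + v
rdn = lambda oid, s: enc(0x31, enc(0x30, enc(0x06, oid) + enc(0x0C, s.encode())))
DN = enc(0x30, rdn(b"\x55\x04\x06", "US") + rdn(b"\x55\x04\x0a", "Example Corp")
         + rdn(b"\x55\x04\x03", "Example Client CA"))
SAMPLE = b"\x01\x01\x00\x02\x04\x01" + struct.pack(">HH", len(DN) + 2, len(DN)) + DN
print(advertised_cas(SAMPLE))
```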