Forum Discussion
SanjayP
Apr 06, 2021 Nacreous
Yes. You would need to build the data group of all valid client certificates. When BIGIP receives the details of the certificate, it would match against the known records and take action, either allow or reject. This needs to be done using an iRule.
The serial number is unique per certificate, so if someone tries to spoof the certificate, the SubjectDN (common name) can be the same but the Serial Number won't match.
The following are the unique values of the certificate:
- SubjectDN and Issuer CA (combination)
- Serial Number
- Thumbprint
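
One way to write the allow-list check described in the post above, as an added example that is not part of the original post. It keys the lookup on issuer plus serial number, because a serial number is only guaranteed unique within one issuing CA. The data group name `allowed_client_certs` and the `issuer|serial` key layout are assumptions made for this sketch.

```tcl
# Added example, not from the original post.
# "allowed_client_certs" is a hypothetical string data group whose keys are
# "<issuer DN>|<serial>" for each approved client certificate.
when CLIENTSSL_CLIENTCERT {
    # No certificate presented: nothing to match, so drop the connection.
    if { [SSL::cert count] == 0 } {
        log local0. "client cert check: no certificate from [IP::client_addr]"
        reject
        return
    }

    # Index 0 is the client's own (leaf) certificate.
    set cert    [SSL::cert 0]
    set serial  [X509::serial_number $cert]
    set issuer  [X509::issuer $cert]
    set subject [X509::subject $cert]

    # Data group keys must be stored in exactly the form these commands
    # return; log one known-good connection first to confirm the format.
    set key "$issuer|$serial"

    if { [class match -- $key equals allowed_client_certs] } {
        log local0. "client cert check: allowed subject=$subject serial=$serial"
    } else {
        log local0. "client cert check: rejected subject=$subject issuer=$issuer serial=$serial"
        reject
    }
}
```

The lookup runs in addition to the chain validation done by the client SSL profile; it does not replace it.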