Forum Discussion

Cirrus

Sep 24, 2019

DOD CAC/PIV with C3D (Client Certificate Constrained Delegation)

I’m trying to get DOD CAC to work with C3D (Client Certificate Constrained Delegation). I have no issue using PIV certificate for authentication to work with C3D. With the same configuration, for some reason with CAC certificate, it keeps prompting for PIN number. It would not unlock the certificate stores to be use to authenticated through F5.

The difference between CAC cert and PIV cert is the key usage:

CAC have the following while PIV don’t:

· Key usage; Digital Signature, Non Repudiation

· Extended Key usage; E-mail protection

Any thought? Has anyone use CAC certificate authentication with C3D?

APM

application delivery

iRules

No RepliesBe the first to reply

Recent Discussions

import live updates from version x to version y
Apr 18, 2024 kaoutar
Tenant image upgrade
Apr 18, 2024 CraigMo
iRule editor partition button does not work
Apr 18, 2024 neeeewbie
F5Access | MacOS Sonoma
Apr 18, 2024 letakeda
Overwriting or adding LTM SSL Traffic cert and key using iControlREST
Apr 18, 2024 Gary_Galehouse

Forum Discussion

DOD CAC/PIV with C3D (Client Certificate Constrained Delegation)

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

SSL Orchestrator Advanced Use Cases: Client Certificate Constrained Delegation (C3D) Support

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

F5 Distributed Cloud - Automatic TLS Certificate Generation - Non-Delegated DNS Zone

Configuring Smart Card Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM)

Single-Sign-On mit Kerberos Constrained Delegation