PSD2 client cert check and passthrough Subject DN

Richard_Cowell
Nimbostratus

I have been asked to implement a client cert check with external CAs and, if the check passes, then pass through the client cert Subject DN to the backend application for checking and action by the application.

I am an F5 newbie, but from my reading I don't want to have to create a certificate bundle on the device, as it will need to be updated as the CAs change.

Any help about how this can be done quickly would be appreciated. I have a pentest scheduled and I want to do a cert check fail and pass.

Thanks

Richard

1 REPLY

Simon_Blakely
F5 Employee

> I have been asked to implement a client cert check with external CAs and, if the check passes, then pass through the client cert Subject DN to the backend application for checking and action by the application.

You need to use the Client Certificate Constrained Delegation (C3D) feature:

K72668381: Overview of the SSL Client Certificate Constrained Delegation feature

K14065425: Configuring Client Certificate Constrained Delegation (C3D)