30-Jan-2020 07:35
I have been asked to implement a client cert check with external CAs and, if the check passes, then pass through the client cert Subject DN to the backend application for checking and action by the application.
I am an F5 newbie, but from my reading I don't want to have to create a certificate bundle on the device, as it will need to be updated as the CAs change.
Any help about how this can be done quickly would be appreciated. I have a pentest scheduled and I want to do a cert check fail and pass.
Thanks
Richard
02-Feb-2020 14:24
> I have been asked to implement a client cert check with external CAs and, if the check passes, then pass through the client cert Subject DN to the backend application for checking and action by the application.
You need to use the Client Certificate Constrained Delegation (C3D) feature:
K72668381: Overview of the SSL Client Certificate Constrained Delegation feature
K14065425: Configuring Client Certificate Constrained Delegation (C3D)