Forum Discussion

Nimbostratus

Apr 03, 2018

Client Authentication for 2 Way SSL client SSL profiles

Hello , I have a question regarding the 2 Way Client SSL profile. Currently we are using a Client SSL profile for one of the Virtual Server, we are using the Client authentication enabled to hav...

Historic F5 Account

Apr 03, 2018

Greetings,

"we want to restrict the connections by having the actual client certificate to be trusted ,not with the root and intermediate."

The signing certificates (root / intermediate) are used only to verify other (client) certificates. By associating the signing certificates in the profile, you are trusting them and the certificates they sign.

"we did try adding a client certificate to the LB and remove the root and intermediate from the LB trust, but it never worked. not sure whether this can be implemented or not."

If you want to limit the connections to the signed client certificate, ensure the LTM Client SSL profile Client Authentication > Client Certificate option is set to "Required".

Hope this is helpful!

Kevin

Forum Discussion

Client Authentication for 2 Way SSL client SSL profiles

Recent Discussions

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Portal Access to HTTPS resources slow

Cannot login to Avaya wanx using f5 apm network access

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Related Content

Client SSL Profile

Doing mTLS Authentication per URL

BIG-IQ Client Certificate (PKI) Authentication

Selective Client Cert Authentication

Application Programming Interface (API) Authentication types simplified