Forum Discussion
jakru_162096
Nimbostratus
Hello,
take a look on client ssl profile. You have whole section there called "Client Authentication" where you define parameters used to determine if client with certain certificate should be allowed or not.
More details here: https://support.f5.com/csp/article/K14783
jakru_162096
Nov 19, 2018Nimbostratus
Zaklina,
if you need bigip to drop the request you need to actually have that proxy ssl function disabled (this is default). That way your f5 tries to negotiate ssl handshake and if the client does not provide proper certificate it will fail.