On Demand Certificate Authentication with a Self-Signed cert while using a public cert for HTTPS.

Hi all,

I have been working to find a solution for my company to secure access to APM. We are wanting to check for a cert on all devices accessing the APM for authentication and only allow those with the cert. I currently have it working across the board with our public cert installed on my devices, but we want to use a self-signed cert to push to the masses, but still retain our public cert for HTTPS on the portal site.

It seems like this should be something the F5 could handle, but I didn't have any luck searching DevCentral or attempting to add additional profiles to my VIP. Any help would be greatly appreciated.


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

You may find what you are looking for in the Client Authentication section of the Client SSL profile.

In this section, you can activate Client Certificate Authentication (require, request or ignore).

And you can also define the trusted CAs. In your case, it's your self-signed certificates.

But it's not recommended to use self-signed certificates for client authentication because you can't manage revocation status natively. You have to write an iRule to retrieve the serial number of the certificate used by the client and check against a data group if it's valid or not.

Here is a useful link: https://devcentral.f5.com/articles/ssl-profiles-part-8-client-authentication

Hope it helps

Yann

0
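
The serial-number check described in the answer above, sketched as an iRule (an added example, not part of the original post and not F5's own code). The data group name `revoked_client_cert_serials` is hypothetical, and its entries are assumed to be stored lowercase in the same format that `X509::serial_number` returns on your version.

```tcl
# Attach to the virtual server whose Client SSL profile has client
# certificate authentication enabled and trusts the self-signed cert.
when CLIENTSSL_CLIENTCERT {
    # In "request" mode a client can finish the handshake without a cert.
    if { [SSL::cert count] == 0 } {
        log local0.warning "No client certificate from [IP::client_addr]"
        reject
        return
    }

    # Leaf certificate presented by the client.
    set cert   [SSL::cert 0]
    # Normalise case so the lookup does not depend on how entries were typed.
    set serial [string tolower [X509::serial_number $cert]]

    # revoked_client_cert_serials: hypothetical string data group that
    # lists the serial numbers of certificates that must no longer be accepted.
    if { [class match -- $serial equals revoked_client_cert_serials] } {
        log local0.warning "Revoked client cert serial=$serial subject=[X509::subject $cert] from [IP::client_addr]"
        reject
        return
    }
}
```

Log one known-good handshake first to see the exact serial format on your system before populating the data group.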