check ssl server certificate on client side

Question

Hello,&nbsp;
is it possible to check for a ssl server certificate on the client side? 
The problem is that we have an application which is only capable to show a ssl server certificate and no client certificate. Is it possible to verify this with an iRule or with the apm module?&nbsp;
Thank you.&nbsp;

vernonwells · Answer

I apologize, but the request isn't entirely clear to me. Firstly, I assume that you are not using SSL offload on the BIG-IP. Is that correct? Are you attempting to ensure that the traffic on a specific port uses a TLS handshake before starting? Are you attempting to ensure that the TLS handshake includes a server certificate? While TLS provides mechanisms for operation without certificates (e.g., anonymous key exchange), I don't believe that almost any user-agent supports TLS without at least a server certificate.

christian_15402 · Answer

The client connects via HTTPS to the BIG-IP. The BIG-IP also connects to the server via HTTPS. We want to ensure that the client (internet) has a valid certificate. The problem is, this specific application installed on the client is only capable to use a server certificate. On the BIG-IP, i think, it is only possible to require/request a client certifacte on the client side.

Forum Discussion

check ssl server certificate on client side

2 Replies

Recent Discussions

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

Related Content

Bypass certificate check

BIG-IQ Certificate

APM Certification Study Guides

Irule client certificate check against ldap value

About client profile (apm-forwarding-client-tcp)