Client Authentication

Question

I have successfully set up my web application / virtual server to use SSL by creating a self signed certificate and using SSL Offloading.  I now want to authenticate my clients by using a certificate.  ie only browsers that have the certificate will be able to get to the site.&nbsp;
I've created a new self signed certificate for the client to present and set same Client SSL Profile to Require a client certificate.  I then set the trusted certificate authority to the certificate I created.&nbsp;
When connecting to the site it now no longer works.  &nbsp;
How does the client even know what certificate to present ?
Can I do this with a single .crt on the client that I generated from the F5?&nbsp;
Any assistance is appreciated.&nbsp;

arnaud_lemaire · Answer

In your client SSL profile, client authentication authentication sub menu you need to set :&nbsp;
require client certificatetrusted CA to match client cert againstAdvertise CA to help the client pick the good one (not mandatory)
if something is not working you can activate ssl debug log to have some info (system/logging menu then /var/log/ltm)&nbsp;

Forum Discussion

Client Authentication

1 Reply

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

BIG-IQ Client Certificate (PKI) Authentication

Distributed caching of authentication requests with NGINX Ingress Controller

Application Programming Interface (API) Authentication types simplified

Selective Client Cert Authentication

AD Authentication and Local DB Authentication in APM