Nuruddin_Ahmed_
Dec 26, 2016Cirrostratus
Client Certificate Authentication Risks
Hi, currently I have a VS which is working on 'require' client authentication setting. I have imported the root certificate of client certificate in 'Trusted Certificate Authorities' and 'Advertised Certificate Authorities'. Additionally, we have created two irules, one would validate the serial number of the certificate and other would validate the CN of the certificate. I want to know, is it a good approach? are there any security risks with it? What are some of the things which I can tighten as part of client certificate authentication?