Forum Discussion

Altostratus

Feb 03, 2015

APM - CAC Authentication: Present specific Certificate to User

We recently upgraded from 11.2 to 11.5 HF7: CAC authentication is functional via APM. Users are currently being presented 3 certificates and I'd like the users to be presented with 1 certificate. ...

Nimbostratus

Feb 03, 2015

It is not clear from your question whether you refer to the client certificate or the certificate presented by the virtual server on the LTM/APM.

If it is the client certificate, then the user has to select which one she wants to present. If there are multiple but only 1 meets the criterion based on the "Advertised CAs" on the connection the the user will not be presented with an option to choose the client certificate.

If you are indeed referring to the server certificate presented by the virtual server, then one suggestion is to have a generic clientssl profile on the virtual server which is not doing any client certificate authentication. Later on in the APM policy add a policy element to do an "OnDemand Certificate Authentication" with the clientssl profile set to the appropriate profile which advertises the CA which you want.

Best.

Forum Discussion

APM - CAC Authentication: Present specific Certificate to User

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Doing mTLS Authentication per URL

Automate Let's Encrypt Certificates on BIG-IP