Forum Discussion
Kevin_Stewart
Oct 21, 2013Employee
Both options, request and require, perform the same function in the SSL handshake - they instruct the client to pass a certificate. The most significant difference between the two modes is what the server (F5) does with the received certificate. The require mode performs strict validation checking (date validity, trust chain compliance, key usage, etc.). The request mode basically does nothing and is typically used in scenarios where some users may not have certificates, or they're allowed to cancel the certificate prompt and still gain access. You must therefore add your own controls (via iRules) to maintain some of the integrity checking that is done automatically in require mode.