Forum Discussion

Nimbostratus

Oct 21, 2013

Authenticate clients with server certificate

We've configured a virtual server, with SSL Client profile, in order to authenticate clients with a corporative CA. This CA generates only server certificates, so it doesn't work. When we try to...

Employee

Oct 21, 2013

Both options, request and require, perform the same function in the SSL handshake - they instruct the client to pass a certificate. The most significant difference between the two modes is what the server (F5) does with the received certificate. The require mode performs strict validation checking (date validity, trust chain compliance, key usage, etc.). The request mode basically does nothing and is typically used in scenarios where some users may not have certificates, or they're allowed to cancel the certificate prompt and still gain access. You must therefore add your own controls (via iRules) to maintain some of the integrity checking that is done automatically in require mode.

Forum Discussion

Authenticate clients with server certificate

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

BIG-IQ Client Certificate (PKI) Authentication

Client Authentication with certificate on one URI only

SSL Profiles Part 8: Client Authentication

Thumbprint of the client ssl certificate

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator