Forum Discussion

Nimbostratus

Feb 22, 2018

Bypass Client Certificate authentication

Hello, I have an existing working irule that handles client authentication. The Client SSL Profile is set to request a client certificate. My question: How to bypass this existing cli...

Nimbostratus

Feb 22, 2018

when CLIENT_ACCEPTED {
    if { $static::debug == 2  } { log local0. "CIP: Client connected from [IP::client_addr]:[TCP::client_port]" }
}

when CLIENTSSL_CLIENTCERT {
    if { $static::debug == 2  } { 
         Check if client presented a cert after it was requested/required
        if { [SSL::cert count] > 0 } {
             Loop through each cert and log the cert subject, issuer and serial number
            for { set i 0 } { $i < [SSL::cert count] } { incr i } {
                log local0. "CIP: [IP::client_addr]:[TCP::client_port]: cert $i; subject=[X509::subject [SSL::cert $i]];\
                    [X509::issuer [SSL::cert $i]]; cert_serial=[X509::serial_number [SSL::cert $i]];"
            }
        } else {
            log local0. "CIP: [IP::client_addr]:[TCP::client_port]: No client cert found!"
        }
    }
}

Forum Discussion

Bypass Client Certificate authentication

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

Bypass certificate check

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Doing mTLS Authentication per URL