double authentication with check CN serial number and certificate authority

Hello,

I'm back to give you some news.
We have created a specific vhost for testing purposes and so as not to impact the other services hosted on the shared virtual servers.
The irule for verifying the CN and serial number of the certificate is up and running (validated by the customer).
We'll now look at configuring the SSL client profile.

Best regards.

Hi Jean_Mamène,

take a look at this knowledge base article: K13452: Configure a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature.
You can use it to assign a specific SSL profile that requires client cert auth to the host you want to authenticate. 

Please pay attention to URL, Host, FQDN and other terms. It makes discussions here in devcentral much easier when the correct terms are used.

KR
Daniel

Hello,Thank you for your feedback.
Daniel_Wolf, I'll be more careful next time about the vocabulary used.
I'm currently running tests and I'll get back to you to confirm that it's working properly.

Hello Jean_Mamène ,

It should be possible to have this work on the same VIP, theorically.
To configure client authentication, You need to build a clientSSL profile and configure it for the specific SNI "url4.example.com", and enable client authentication with "require" setting on this same profile. You should import the trusted CA that singed this certificate on BIG-IP
https://my.f5.com/manage/s/article/K13452
https://my.f5.com/manage/s/article/K12140946

Next step is verifying client-certificate informations (SN, etc.) at authentication time. This can be achieved via iRule.
You can get ideas from this code here, and tune it to check/match the requirements of your deployment. 
https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html