igorzhuk
Apr 06, 2021Altostratus
Client SSL cert Move Traffic To CDN -
hi all, i move the app to CDN before the CDN the BIGIP will check the client SSL cert and base on URI allow to access to the site,
(some of uri work without the client ssl, and some uris work only if the client ssl verify),
Now in CDN we can only request (and not required ) the client ssl but not enforce the PKI check - and insert it via HTTP header,
How i can check if the Client SSL that CDN give me via header trust my CA?
( I don't want to look only for CN because attacker can make a fake client cert with the same CN )?
Does someone have any idea?