Follow

Q&A: Does F5 Silverline Support Client Certificate Authentication?

 

Question

  •  Does F5 Silverline support Client Certificate Authentication?
    • Is there a workaround/solution?

Environment

  • Silverline WAF
  • Silverline DDoS
    • Proxy
  • iRule
  • SSL

Answer

  • No. F5 Silverline does not validate Client Certificate
    • Silverline has to terminate SSL with the client and opens a new session to the backend, This is so that we can inspect/parse traffic with the WAF policy
  • However, F5 Silverline can insert a custom HTTP header with the Client Cert information
    • Can you please let us know the scenarios or values that you'll be using for validation on the backend?
      • If possible, please provide an output of the expected cert information and the information that you need to match/verify to allow or drop traffic
    • What is the custom HTTP header that you would like to use? (Default: "X-F5-Cert")
    • What would you like the iRule name to be called? (Default: "X-Client-Cert")
    • How would the cert info be inserted into the header? (baes64 or URI-encoded?) 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request