Q&A: Does F5 Silverline Support Client Certificate Authentication?

Question

•  Does F5 Silverline support Client Certificate Authentication?
  • Is there a workaround/solution?

Environment

• Silverline WAF
• Silverline DDoS
  • Proxy
• iRule
• SSL

Answer

• No. F5 Silverline does not validate Client Certificate
  • Silverline has to terminate SSL with the client and opens a new session to the backend, This is so that we can inspect/parse traffic with the WAF policy
• However, F5 Silverline can insert a custom HTTP header with the Client Cert information
  
  • Can you please let us know the scenarios or values that you'll be using for validation on the backend?
    • If possible, please provide an output of the expected cert information and the information that you need to match/verify to allow or drop traffic
  • What is the custom HTTP header that you would like to use? (Default: "X-F5-Cert")
  • What would you like the iRule name to be called? (Default: "X-Client-Cert")
  • How would the cert info be inserted into the header? (baes64 or URI-encoded?) 

Related Content

• https://devcentral.f5.com/s/question/0D51T00006i7TJW/irule-to-require-client-certificate-and-validate-it
• How to Contact SOC / How to Contact Silverline Support
• Q&A: Is TLS mutual auth supported in Silverline?