Question
- Does F5 Silverline support Client Certificate Authentication?
- Is there a workaround/solution?
Environment
- Silverline WAF
- Silverline DDoS
- Proxy
- iRule
- SSL
Answer
- No. F5 Silverline does not validate Client Certificate
- Silverline has to terminate SSL with the client and opens a new session to the backend, This is so that we can inspect/parse traffic with the WAF policy
- However, F5 Silverline can insert a custom HTTP header with the Client Cert information
- Can you please let us know the scenarios or values that you'll be using for validation on the backend?
- If possible, please provide an output of the expected cert information and the information that you need to match/verify to allow or drop traffic
- What is the custom HTTP header that you would like to use? (Default: "X-F5-Cert")
- What would you like the iRule name to be called? (Default: "X-Client-Cert")
- How would the cert info be inserted into the header? (baes64 or URI-encoded?)
- Can you please let us know the scenarios or values that you'll be using for validation on the backend?