I have currently an urgent request from a customer to setup an SSL content with mutual (also called client) authentication.
From the documentation, I can find out how to activate the client authentication on the SSL server, how to setup trusted CA certificates in the CSS, how to forward certificate items into the header towards the backend server, which actions to take if authentication fails,etc,etc...
However, what is not documented (and I can not find any configuration/command example eiter) is how the CSS identifies a particular client from another. I do not want to accept any client that has a valid (and trusted) certificate, only the specific clients that I know of. Is there any kind of "whitelist" configuration possible to obtain this behavior, or is the CSS not able to do real client (mutual) authentication?
Carl Van Campenhout
PS current webns version sg0820303