MW1
Jul 05, 2010Cirrus
...most likely a stupid Q by a stupid person
Sorry to be asking such a basic Q but wondering if anyone can shed some light/point me in the direction I need to look regarding setting client authentication using SSL certificates. We have internally an old MS certificate server that I have installed the CA cert on to a LTM v9.3 (upgrading soon finally), and on the client SSL profile I've set the client authentication section to:
client cert - required
Frequency - once
Depth - 9
Advertised cert - none (tried specifying the internal CA cert which does reflect on the client to the certificates show but no change to end result)
and nothing config'd for the CRL
When I hit the virtual server I get prompted for the client cert in IE but when I select the cert the connection just gets dropped (presume fails the auth). If I change the client cert to required to request I do get to the web page after submitting the cert but presuming after reading the differences that the auth is still failing just its letting me in.
Can anyone advise
1) Bar the settings in the client Auth box in the client SSL profile is there another step I need to do
2) Is there anyway to turn on any debugging on the client authentication so I can try to figure out why it is failing?