Forum Discussion
MW1
Cirrus
Jul 05, 2010
...most likely a stupid Q by a stupid person
Sorry to be asking such a basic Q but wondering if anyone can shed some light/point me in the direction I need to look regarding setting client authentication using SSL certificates. We have internall...
hoolio
Cirrostratus
Jul 05, 2010
There isn't really any additional debug you can enable. You can capture a tcpdump and decrypt it using ssldump to get more info on what's failing. Try searching the forums here and support.f5.com for ssldump for details on using the command.
I think you're correct that the client cert request is probably still failing with the mode set to request.
You should add the CA (and intermediate cert) to a bundle and configure it as the advertised and trusted CA bundle on the client SSL profile. The advertised bundle tells the client what CA issuers will be accepted. The trusted CA bundle is what LTM will use to validate the cert.
Aaron
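Why the intermediate belongs in the bundle, as an added example that is not part of the original thread: it builds a constructed root CA, intermediate CA and client certificate with the openssl CLI, then uses `openssl verify` as a stand-in for the validation LTM performs against the trusted CA bundle. Every certificate name and file name is made up for the example.

```shell
#!/usr/bin/env bash
# Added example: throwaway certificates, every name here is constructed.
WORK=$(mktemp -d)

# Build root CA -> intermediate CA -> client certificate inside $WORK.
make_chain() (
  cd "$WORK" || exit 1
  cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  new="-config x.cnf -newkey rsa:2048 -nodes"
  openssl req -x509 $new -days 2 -subj "/CN=Example Root CA" \
    -keyout root.key -out root.crt &&
  openssl req $new -subj "/CN=Example Issuing CA" -keyout int.key -out int.csr &&
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 2 -extfile x.cnf -extensions v3_ca -out int.crt &&
  openssl req $new -subj "/CN=client01" -keyout client.key -out client.csr &&
  openssl x509 -req -in client.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -days 2 -extfile x.cnf -extensions client -out client.crt
) >/dev/null 2>&1

# True only if cert $2 chains to a CA in bundle $1 and is valid for TLS client auth.
client_cert_trusted() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Subject of each CA in a bundle: the issuer names an advertised bundle announces.
bundle_subjects() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
    grep '^subject'
}

make_chain || { echo "openssl failed" >&2; exit 1; }
cat "$WORK/int.crt" "$WORK/root.crt" > "$WORK/ca-bundle.crt"
bundle_subjects "$WORK/ca-bundle.crt"
client_cert_trusted "$WORK/root.crt" "$WORK/client.crt" ||
  echo "root only: client cert rejected"
client_cert_trusted "$WORK/ca-bundle.crt" "$WORK/client.crt" &&
  echo "root + intermediate: client cert accepted"
```

The same `ca-bundle.crt` file would then be the one imported and referenced as both the advertised and the trusted CA bundle on the client SSL profile.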