Forum Discussion
APM Machine Cert Auth unable to find the private key
I have been doing some testing within a customer environment for an SSL VPN solution. As part of the solution, a machine cert must be checked and validated before the logon page. My problem is that every time, the process exits through the "Found" rule, which according to the F5 doc means no private key has been found. But my testing is based on a standalone Edge Client on Windows 7 that includes the machine checker service; I also use local admin for all testing.
Looking into the cert itself, it definitely has an associated private key. There is an interesting issue: the key has a blank Subject field, and the DNS FQDN is specified in the SAN field. I doubt whether this is related to the issue that the Edge Client can't find the private key.
Has anyone seen this before?
Thanks in advance.
- Seth_Cooper (Employee)
The only time I have seen this is if the user doesn't have permission to the private key.
To troubleshoot you need to do a few things...
Enable client logging on the client machine by following the instructions on the following page by adding the registry entry described. http://support.f5.com/kb/en-us/solutions/public/12000/600/sol12639.html
Using the Windows-based registry:
1. Open the Registry Editor by typing the following command from the Run prompt: regedit
2. Expand the HKEY_CURRENT_USER tree.
3. Expand the Software tree.
4. Expand the F5 Networks tree.
5. Expand the RemoteAccess tree.
6. Click the Logging tree. Note: If you see the LogLevel DWORD value in the right panel, skip to Step 11.
7. Right-click on the Logging tree.
8. Click New.
9. Click DWORD Value.
10. Type LogLevel in the box, and then press the Enter key. Note: Registry value names are case sensitive.
11. In the right panel, double-click LogLevel. A pop-up window displays.
12. Select Decimal for the Base option.
13. In the Value data: box, type the logging level. Type 63 to set the debug logging level. Type 31 to set the normal logging level.
14. Click OK.
You will then want to navigate to %temp% or %userprofile%\Local Settings\Temp on Windows XP, or to %temp% or %userprofile%\AppData\Local\Temp on Windows 7 or Vista. Look for the log file f5mcertcheck.txt and remove it. Connect to the APM and after it fails review the log file. If you would like you can post it here and we can try to see what is happening to cause your problems.
Regards,
Seth Cooper
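The steps in the answer above, scripted as an added example (this is not code from the thread, from F5, or from the Edge Client); it also adds a read check on the machine certificate's private key, which is the permission problem Seth mentions. It assumes Windows PowerShell 5.1 with .NET 4.6 or later for the CNG fallback, an elevated prompt, and a placeholder FQDN in $MachineFqdn; the registry path, value names, logging levels and log file name are the ones given in the answer.

```powershell
# Added example, not code from the original thread or from F5.
# Enables Edge Client debug logging as described in the answer, clears the
# previous f5mcertcheck.txt, then checks whether the machine certificate's
# private key can actually be opened by the current account.
# Run from an elevated PowerShell prompt on the Windows client.

param(
    # Constructed placeholder: replace with the client's real FQDN from the SAN field.
    [string]$MachineFqdn = 'client01.example.internal'
)

# --- Step 1: enable Edge Client debug logging (HKCU value, name is case sensitive) ---
$logKey = 'HKCU:\Software\F5 Networks\RemoteAccess\Logging'
if (-not (Test-Path $logKey)) {
    New-Item -Path $logKey -Force | Out-Null
}
# 63 = debug logging, 31 = normal logging, as stated in the answer
New-ItemProperty -Path $logKey -Name 'LogLevel' -PropertyType DWord -Value 63 -Force | Out-Null

# --- Step 2: remove the previous machine cert check log so the next attempt writes a fresh one ---
$logFile = Join-Path $env:TEMP 'f5mcertcheck.txt'
if (Test-Path $logFile) {
    Remove-Item -Path $logFile -Force
}
Write-Host "Logging enabled; reconnect with the Edge Client, then review $logFile"

# --- Step 3: locate the machine certificate and test private-key access ---
# Match on the SAN extension (OID 2.5.29.17) rather than Subject, because the
# poster's certificate has a blank Subject and carries the FQDN only in the SAN.
$machineCerts = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san -and ($san.Format($false) -match [regex]::Escape($MachineFqdn))
}

if (-not $machineCerts) {
    Write-Warning "No certificate in LocalMachine\My has a SAN containing $MachineFqdn"
    return
}

foreach ($cert in $machineCerts) {
    Write-Host "Certificate $($cert.Thumbprint) (SAN matches $MachineFqdn)"
    Write-Host "  HasPrivateKey flag : $($cert.HasPrivateKey)"

    # HasPrivateKey only says the store records a key association.
    # Actually opening the key is what fails when the account lacks permission,
    # which is how a certificate can "have" a key that the client cannot find.
    $key = $null
    try {
        $key = $cert.PrivateKey   # CryptoAPI (CSP) keys; throws on access denied
        if ($null -eq $key) {
            # CNG keys are not exposed through .PrivateKey; use the RSA extension method
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        }
        if ($null -eq $key) {
            Write-Warning "  Private key could not be opened (no CSP/CNG handle returned)"
        } else {
            Write-Host "  Private key opened OK as $env:USERNAME ($($key.GetType().Name))"
        }
    } catch {
        Write-Warning "  Private key open FAILED: $($_.Exception.Message)"
        Write-Warning "  The store shows a key, but this account cannot read it; fix the key permissions."
    }

    # For CSP keys the container file lives under MachineKeys; list who has access to it.
    if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $container = $key.CspKeyContainerInfo.UniqueKeyContainerName
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
        if (Test-Path $keyFile) {
            Write-Host "  Key file ACL ($keyFile):"
            (Get-Acl $keyFile).Access | ForEach-Object {
                Write-Host ("    {0,-40} {1,-6} {2}" -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights)
            }
        }
    }
}
```

Run it once before reconnecting; if the "Private key open FAILED" warning appears while HasPrivateKey is True, the machine cert check is failing on key permissions rather than on a missing key, and the ACL listing shows which identities can read the container file.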
- Zebra_131802 (Nimbostratus)
This is a F5 bug. It has now been fixed.
- Riley_Schuit_82 (Historic F5 Account)
Can you give the ID to help others who see this?