Forum Discussion
Roderick_Graham
Nimbostratus
NimbostratusAPM Session Variable Not Being Cached
F5 Big-IP LTM 11.4.1 HF7, APM
The objective was to create an access policy that inspects client certificates for a specific certificate and grant access to resources based on that inspection. ...
Roderick_GrahamNimbostratus
NimbostratusI tried the default Client Cert Inspection rule initially but with no success. My workstation would get prompted for a client certificate and would present a firstname.lastname@im.companydomain.com certificate.
I believe the problem was that the LTM does not have the necessary CA to enter in the VIP SSL client profile "Trusted Certificate Authority" configuration setting.
I tried importing certificates to my Windows 7 workstation whose CAs exist on the LTM but was still unsuccessful. Although I successfully imported the certificates to my workstation, when prompted for a client certificate the only option available was that same firstname.lastname@im.companydomain.com.
Since the real objective was to ensure end user clients presented a specific client certificate (not just any client certificate whose CA matches what's configured in the VIPs SSL client profile "Trusted Certificate Authority" setting) I abandoned efforts to evaluate for a 'valid' certificate.