For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Will_Adams_1995's avatar
Will_Adams_1995
Icon for Nimbostratus rankNimbostratus
Oct 18, 2015

Client authentication random failure - 11.6 HF4

We have a pair of BIG IP 6900 appliances that work as an active/passive HA pair. Recently we have upgraded the appliances to 11.6 HF4 (we were on 11.3 HF10) and have been having issues with our clie...
BIG-IP Access Policy Manager (APM)
design
management
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 19, 2015

1 and 4: just want to confirm that on the broken platform, that there is no CRL checking done in the client SSL profile (or parent profile) applied to the VIP. Are you requesting the client certificate from the client authentication section of the client SSL profile, or are you doing an On-Demand Cert Auth in the APM visual policy?

 

2 and 3: Can you elaborate on "certificate check"?

 

5: I'm asking what you're doing with the certificate information. Do you do any sort of authentication in the access policy based on the client's certificate?