For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Will_Adams_1995's avatar
Will_Adams_1995
Icon for Nimbostratus rankNimbostratus
Oct 18, 2015

Client authentication random failure - 11.6 HF4

We have a pair of BIG IP 6900 appliances that work as an active/passive HA pair. Recently we have upgraded the appliances to 11.6 HF4 (we were on 11.3 HF10) and have been having issues with our clie...
BIG-IP Access Policy Manager (APM)
design
management
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 19, 2015

I will get the certificate subject for the user account (FQDN, i.e. user, usergroups, domain).

 

You're talking about in the message box, yes? This should be the subject value directly from the user's certificate.

 

I noticed that if I set the CRL (as was being done on the 11.3 instance), this would cause a failure.

 

It would probably be most helpful while troubleshooting to leave the CRL disabled.

 

The same certificate subject is returned

 

Let's focus on the broken platform. No CRL set, APM On-Demand Cert Auth agent set to request with message boxes following each branch, and the client SSL profile set to Ignore. So in this statement are you saying that you see the certificate subject in the fallback branch?