Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusClient authentication require problem
Currently my client side profile is set to request. The certificate issue to me by CA XXX. CA XXX have a chain of three certificates 2 intermediate and 1 root certificate. I converted those 3 CA cert...
nitass
Employee
EmployeeAnd i have CA xxx chain in my trusted CA bundle so if i set client authentication to required will it work?
yes
Do i need to put the client certificate as well in the bundle?
no
nitassEmployee
Employee>In which format I will have to put certificate in browser?
normally i use pkcs12 but whatever certificate file format it accepts is fine.
>and in which tab, personal tab?
yes
The certificate presented by F5 to client is CN=10.50.171.5, During client authentication should the client presenting certificate should also have CN= 10.50.171.5?
cn should be different (they authenticate different things).
>Can I use that certificate in browser which I am using in F5 client profile?
of course.
>can one certificate be used in all client machines or each client will have an individual ceritificate only issued to him
either is okay.
>he said that looks like the client is not presenting the certificate which F5(server) is requesting.
didn't you set peer-cert-mode to require?
by the way, have you seen ssl profile article here? it may be helpful.
SSL Profiles by Jason Rahm and John Wagnon
https://devcentral.f5.com/s/articles/ssl-profiles-part-1
