client cert help..

Need help on why Big-IP v4.5 PTF-05 Build 2. The following settings are configured:

 

 

PROXY ADVANCED PROPERTIES

 

Insert certificate: Issuer, Validity, Certificate

 

Client certificate: Request

 

Client certificate CA File: CertFile.crt

 

Client authenticate once: checked

 

 

With the following rule specified:

 

 

if (http_header("SSLClientCertStatus") contains "OK" and http_header("referer") contains "navy.mil") {

 

use pool server_pool

 

}

 

else {

 

redirect to "some other site?appurl=https://%h/%u"

 

}

 

 

 

The problem is the site is requesting the client cert fine but is not checking if it is valid or issued by a particular CA. Please help, any document or samples or suggestions would be appreciated.