
Dennis_Andrade_
Sep 30, 2013

Client Cert Inspection for Edge client

I'm setting up the Edge client on the iPad and iPhone to use client certificate check as the authentication method. If the user has a valid certificate, it connects to the VPN. I have a VS with a client SSL profile that has client authentication enabled. When users tap the connect button in their iPad's Edge client, they receive an error message: "Authentication failed. Please check your credentials or configuration."

 

In the APM logs I see the following:

 

"Rule to evaluate = "expr {[mcget {session.ssl.cert.valid}] == "0"}" variable "session.ssl.cert.valid" was not found in the local cache for session "xxxxxx"

 

I checked the session variables for that session and no SSL variables were set at all. Not sure why the SSL session variables are not being populated.

 

Thanks

 

4 Replies

  • Can you elaborate on your configuration?

     

    Do you have the Edge client configured to "Use Certificate"?

     

    Do you have a Trusted Certificate Authorities bundle that includes the issuer of the client's certificate?

     

  • We have the Edge client configured to use certificate, yes. As far as the certificate, the users' certificates on the iPads are issued by a sub CA. We have the root CA and the sub CA imported to the F5. I'm using the root CA in the "Trusted Certificate Authority". I also tried to use the sub CA in the Trusted Certificate Authority, but I would receive another error message.

     

  • You should have BOTH CA certificates in the Trusted Certificate Authorities bundle. To create a bundle, copy the base64 (PEM-encoded) content of the CAs' public certificates to a single text file, save that, then import it to the LTM as you would a certificate.
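
The bundle step described in the last reply, as an added example that is not part of the original thread: a shell helper that concatenates PEM-encoded CA certificates into one file and then checks a client certificate against the result with `openssl verify`. The function names and file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are hypothetical.

# make_ca_bundle OUT CA1.pem [CA2.pem ...]
# Writes every certificate block from the inputs into OUT, one after another.
make_ca_bundle() {
    out=$1; shift
    : > "$out" || return 1
    for ca in "$@"; do
        # A DER (binary) export has no PEM header and cannot be pasted into a text bundle.
        if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
            echo "error: $ca is not PEM-encoded" >&2
            rm -f "$out"          # do not leave a partial bundle to import
            return 1
        fi
        # Drop CRs from Windows exports, drop any text outside the BEGIN/END
        # markers, and end every line with a newline so that one file's END
        # marker never fuses with the next file's BEGIN marker.
        tr -d '\r' < "$ca" |
            awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{p=0}' >> "$out"
    done
}

# count_certs FILE: prints how many certificates the bundle holds.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# verify_client BUNDLE CLIENT.pem
# Succeeds only if a chain can be built from the client certificate to a CA in
# BUNDLE. With only the root CA in BUNDLE, openssl verify reports an error for
# a certificate issued by the sub CA, because the issuer cannot be found.
verify_client() {
    openssl verify -CAfile "$1" "$2"
}

# Usage (file names are assumptions):
#   make_ca_bundle ca-bundle.pem root-ca.pem sub-ca.pem
#   count_certs ca-bundle.pem        # expect one per CA file
#   verify_client ca-bundle.pem ipad-user.pem
```

The resulting bundle file is what gets imported and selected as the Trusted Certificate Authorities on the client SSL profile.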