Client Certificate Authentication - Machine or Client cert APM method
Hello,
I understand the Machine cert checker is a client-side check and the client cert checks are performed as part of SSL negotiation. What I'm not sure about is which method to use to do basic client/machine certificate checking on APM for correct CA and also CRL or OCSP checking. Is there much difference on a windows machine between the machine cert and client cert, is it just the cert location? Can you use either APM machine cert or client cert methods to validate the client certificate and achieve the same result? or are there limitations constraints with either,
thanks
Hello,
Machine cert auth is heavy for the endpoint. The browser need admin rights to access and present the certificate located within the local machine store. That's why you need to install an helper from F5 on client devices. I think that it works with Microsoft devices only. My rules are if you need a 802.1x like solution so machine cert validation is the right solution. Otherwise, I would recommend to go with client cert auth that offer more flexibility and can be used outside APM. In both case Crl and ocsp checking works the same.