Forum Discussion
Client Certificate Authentication not working through LTM
Hi, we have an application that requires client certificate authentication. If the client certificates are missing on the client system, the APP falls back to basic Authentication and the user gets challenged for credentials. When the Application Servers are targeted directly, we get Challenged by the Browser for Credentials as the PC didn't have the Certificates installed. However, when the Servers are accessed by a VIP on a LTM, the Browser on the Client straightaway throws the following error and no Authentication Prompts. There is SSL Termination on the client side and Server side re-initiation.
"HTTP Error 403.16 - Forbidden Your client certificate is either not trusted or is invalid."
Has anyone encountered this issue? Any help is appreciated. Thanks in Advance.
Cheers Siva
7 Replies
- Vitaliy_Savrans
Nacreous
Do you have ssl termination on F5 device?
- Siva_Srinivasan
Nimbostratus
Yes, there is SSL Termination.
- Vitaliy_Savrans
Nacreous
What certificate do you use in ssl server profile?
- Siva_Srinivasan
Nimbostratus
Client SSL has a Go-daddy CA cert and the Server Side SSL uses a self signed Certificate.
- Vitaliy_Savrans
Nacreous
Try to install the Go-Daddy intermediate certificate. SOL 13302
- Siva_Srinivasan
Nimbostratus
We tried adding the Go Daddy Intermediate, still no luck. Another colleague suggested the following and no luck with that either. https://devcentral.f5.com/s/articles/ssl-profiles-part-8-client-authentication
- nathe
Cirrocumulus
What client authentication settings have you got on the client ssl profile? I imagine Request would be the best fit here because it will attempt client cert auth if there's a cert available on the client but won't enforce it if there isn't one. Your backend could then deal with the basic auth. Just a thought.
Also, could this feature help instead? Proxy SSL Feature. That way the server itself does the authenticating.
N