Forum Discussion
Edge client: automatic client certificate selection
Hi,
We are configuring an F5 Edge client VPN connection with client cert inspection within the APM policy.
The client ssl profile is configured with request and the CA is selected under Trusted Certificate Authorities and Advertised Certificate Authorities.
When connecting to the VPN, users are prompted with a popup asking them to select the certificate. There is only one client certificate in the store.
Is there a feature in the F5 Edge client to automatically select the client certificate to use for authentication?
Best regards
- spalande (Nacreous)
Is that a machine certificate authentication you want to use? If you configure the APM policy with machine certificate auth in VPE, it would happen automatically. BIGIP edge client must be installed with admin credentials.
- xbillmann (Nimbostratus)
It is a user certificate, not a machine one.
When we select the certificate in the popup the connection works. We just want to simplify the user and select the certificate automatically.
The popup looks like this:
- spalande (Nacreous)
Is there a reason you are not looking for machine certificate auth?
https://support.f5.com/csp/article/K13614
This works seamlessly without user intervention. We will keep the comments open in case someone has done this with the user certificate and can share the setup.
When there is just one applicable certificate, then I'm used to it getting auto-selected.
Do you advertise the CA in the client SSL profile?
- xbillmann (Nimbostratus)
The client said the prompt is present when connecting for the first time.
I did enable advertised CA.
I tried the Machine cert auth box in APM with the option "CurrentUser" for the certificate store location and I think it works to check the client certificate and not machine.
But I have to do more tests with the client to see if it fixes the certificate prompt.
- thrillseeker (Nimbostratus)
We have the same issue here. Any hints or solutions are very much appreciated. Thanks.