Forum Discussion

xbillmann
Apr 07, 2021

Edge client : automatic client certificate selection

Hi,

 

We are configuring an F5 Edge client VPN connection with client cert inspection within the APM policy.

The client ssl profile is configured with request and the CA is selected under Trusted Certificate Authorities and Advertised Certificate Authorities.

 

When connecting to the VPN, users are prompted with a popup asking them to select the certificate. There is only one client certificate in the store.

Is there a feature in the F5 Edge client to automatically select the client certificate to use for authentication?

 

Best regards

  • Is that a machine certificate authentication you want to use? If you configure APM policy with machine certificate auth in VPE, it would happen automatically. BIG-IP Edge Client must be installed with admin credentials.

    • xbillmann

      It is a user certificate, not a machine one.

      When we select the certificate in the popup, the connection works. We just want to simplify things for the user and select the certificate automatically.

       

      The popup looks like this:

       

  • Is there a reason you are not looking for machine certificate auth?

    https://support.f5.com/csp/article/K13614

    This works seamlessly without user intervention. We will keep the comments open in case someone has done this with the user certificate and can share the setup.

    • xbillmann

      Can we use the machine certificate auth action to look into the user certificate store?

  • When there is just one applicable certificate, then I'm used to it getting auto-selected.

     

    Do you advertise the CA in the client SSL profile?

  • The client said the prompt is present when connecting for the first time.

    I did enable the advertised CA.

     

    I tried the Machine cert auth box in APM with the option "CurrentUser" for the certificate store location and I think it works to check the client certificate and not machine.

     

    But I have to do more tests with the client to see if it fixes the certificate prompt.

    • kevinmc

      Did this solution work for you? Do you still have the Client certificate option selected in the SSL Client profile or just the machine cert check in the APM policy?

  • We have the same issue here. Any hints or solutions are very much appreciated. Thanks.