Forum Discussion

soymanue's avatar
Icon for Nimbostratus rankNimbostratus
Dec 28, 2011

F5 Edge Client with Internal CA



Currently we are using F5 Edge Client with just AD authentication in the APM.


We want to add the client certificate authentication but it doesn't work.


How can I debug the certificate authentication so that I can find any additional information to know what is going wrong?


We are using an internal CA (Windows 2003 Server). How should we issue the certificates? Maybe we are using a wrong template.


Thank you


2 Replies

  • Hi Manuel,



    In the VPE do you have a check for a Windows Machine Certificate? Also you need to add the CA cert to your BigIP device... when the VPE checks the client cert it will see if it has been issued by your CA cert (which you install on the BigIP under "system" - "file managment" - "SSL Certificate List"). If you have to create a cert bundle you need to install it on the command line.



    Hope this helps.



  • Hi,



    We are migrating from Nortel Conntivitys to F5 Edge Gateways . The Nortel client has the option to pre-specify which certificate to be used for authentication.



    Quite often a lot of users will have 2 or more personal certificates and I was wondered if possible to replicate how the Nortel client works ? Currently in my testing the F5`s display a prompt to chose which one and this preference isn`t saved unless I`m missing something ?



    Thanks for any tips