Forum Discussion

soymanue
Dec 28, 2011

F5 Edge Client with Internal CA

Hello

Currently we are using F5 Edge Client with just AD authentication in the APM.

We want to add the client certificate authentication but it doesn't work.

How can I debug the certificate authentication so that I can find any additional information to know what is going wrong?

We are using an internal CA (Windows 2003 Server). How should we issue the certificates? Maybe we are using a wrong template.

Thank you
  • Hi Manuel,

    In the VPE do you have a check for a Windows Machine Certificate? Also you need to add the CA cert to your BigIP device... when the VPE checks the client cert it will see if it has been issued by your CA cert (which you install on the BigIP under "system" - "file management" - "SSL Certificate List"). If you have to create a cert bundle you need to install it on the command line.

    Hope this helps.

    Seth
  • Hi,

    We are migrating from Nortel Contivitys to F5 Edge Gateways. The Nortel client has the option to pre-specify which certificate to be used for authentication.

    Quite often a lot of users will have 2 or more personal certificates and I was wondering if it is possible to replicate how the Nortel client works? Currently in my testing the F5's display a prompt to choose which one and this preference isn't saved unless I'm missing something?

    Thanks for any tips
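
The check Seth's reply describes (is the client certificate issued by the CA certificate, or bundle, that was installed) can be reproduced offline with openssl before changing anything on the APM. This is an added example, not part of the original thread: the PKI, subject names and file names are constructed, and it shows openssl's chain check only, not BIG-IP behaviour.

```shell
#!/bin/sh
# Constructed throwaway PKI: root CA -> issuing CA -> client certificate.
# All subject names and file names are made up for this demonstration.

make_pki() {    # $1 = empty working directory
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root CA.
    openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 30 -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    # Issuing CA, signed by the root and marked as a CA.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Example Issuing CA" \
        -keyout "$d/issuing.key" -out "$d/issuing.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/issuing.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -extfile "$d/ca.cnf" -extensions v3_ca \
        -out "$d/issuing.crt" 2>/dev/null || return 1
    # Client certificate, signed by the issuing CA.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=example-user" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/issuing.crt" \
        -CAkey "$d/issuing.key" -CAcreateserial -days 30 \
        -out "$d/client.crt" 2>/dev/null || return 1
    # A bundle is every CA certificate of the chain, concatenated in PEM form.
    cat "$d/issuing.crt" "$d/root.crt" > "$d/bundle.crt"
}

chains_to() {   # $1 = trusted CA file or bundle, $2 = client certificate
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d) && make_pki "$work" || exit 1
for trust in root.crt bundle.crt; do
    if chains_to "$work/$trust" "$work/client.crt"
    then echo "$trust: client certificate accepted"
    else echo "$trust: client certificate rejected"
    fi
done
rm -rf "$work"
```

Trusting only the root rejects the client certificate because the issuing CA is missing from the trust file; the two-certificate bundle accepts it.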