Forum Discussion
Horizon Client authentication failure
Following rule 'fallback' from item 'View Client Cert Inspection' to ending 'Deny.'" means Client cert inspection failed (there was not a valid client certificate received by the big-ip). I would verify the client certificate has not expired and was issued by the certificate authority you have selected (root ca certificate for CA should be attached to your client ssl profile as "Trusted Certificate Authorities").
I would set your logging level to debugging (check out the apm log profile you set in the iapp) and tail your apm (/var/log/apm) log while attempting to connect. Also set your ssl logging level to debug (modify /sys db log.ssl.level value Debug) and tail your ltm logs at the same time.
Openssl s_client is a good way to test client certificates. Check out this solution article for a few additional client certificate trouble shooting tips: 14819
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com