Forum Discussion
bluzdoggy_17129
Nimbostratus
NimbostratusHorizon Client authentication failure
I am running Big IP version 12.1.0 with APM and Horizon View 7.0.1. Currently attempting setup with the f5.vmware_view.v1.5.1 iapp template. The feature we really want to implement is using smartca...
Following rule 'fallback' from item 'View Client Cert Inspection' to ending 'Deny.'" means Client cert inspection failed (there was not a valid client certificate received by the big-ip). I would verify the client certificate has not expired and was issued by the certificate authority you have selected (root ca certificate for CA should be attached to your client ssl profile as "Trusted Certificate Authorities").
I would set your logging level to debugging (check out the apm log profile you set in the iapp) and tail your apm (/var/log/apm) log while attempting to connect. Also set your ssl logging level to debug (modify /sys db log.ssl.level value Debug) and tail your ltm logs at the same time.
Openssl s_client is a good way to test client certificates. Check out this solution article for a few additional client certificate trouble shooting tips: 14819