Forum Discussion

Spidey_29396's avatar
Spidey_29396
Icon for Nimbostratus rankNimbostratus
Feb 27, 2014

How to deploy client authentication(require) using F5's self-signed certificate

Hi All,   Is there any deployment guide using client authentication require. whenever i try to change the Client Certificate option to require, it doesn't work but if change to auto,request and no...
application delivery
availability
deployment
design
LTM
TMOS
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 29, 2015

Well, from trace it looks for me that you are using self-signed certificate as client certificate (one installed in browser). I doubt it will work as only CA is certificate itself (if I can say so). Then there is no way to place any valid CA certificate in Trusted Certificate Authority field.

 

I did it as described in solution mentioned in my old post:

 

Using openssl Created private CA (generating key and certificate)

 

Issue CSR for client certificate

 

Get it signed by my CA

 

Then convert client key/cert pair to PKCS12

 

Import in browser as User certificate for authentication

 

Select my private CA certificate in Trusted Certificate Authority field (sure imported it first into LTM via System > File Management > SSL Certificate List)

 

After that everything works like a charm.

 

Of course if you using some public well known CA for signing client certificate you have to set this CA in Trusted Certificate Authority field (or probably build in ca-bundle will work)

 

Piotr