Forum Discussion
NimbostratusIOS 11 not parsing client certificate
Hello DevCentral
I am trying my luck here as it seems support also struggles to find a solution to this issue.
I am making a ActiveSync using KCD as auth based on client certificate, which is working awesome when testing from a browser. My big issue is that I am not able to get the iPhone to pass it's certificate to BIGIP.
I have tried doing it directly on the SSL profile both with Require and Request. Then I tried setting it to ignore and using On-Demand Cert Auth instead of Client Cert Inspection. But nothing works. I can see in the SSL dump that the BIGIP is requesting the certificate from the correct CA, but cert length returned is a big ZERO.
On a side note, when I am trying the same thing from the Android mail app and requesting the cert from the SSL profile directly, the certificate is passed on to the BIGIP. But my customer is using iPhones unfortunately.
Do not hesitate to ask me for more information.
Best Regards
Søren_NielsenCirrus
Solved.
krisdamesAre you able to share how this was solved, to help others with a similar situation (like me)?
- Søren_Nielsen
Hi Kris.
Sorry for the delay.
I solved it by setting the SSL Client profile to request client certificate along with a profile holding the trusted CA and used the same profile for advertising. Still using the Client Cert Inspection.
Hope that helps.