Forum Discussion
Martin_Vlasko
Altocumulus
AltocumulusMachine Certificate Check - why does it fail?
Hi,
I am trying to implement machine certificate check for Edge Client users.
The machine certificate is stored in the default MY store and I assume I have configured the APM action correctly wit...
Yann_Desmarest_
Nacreous
NacreousHi,
Machine certificate check require Admin right on the client side. That's why you should deploy "Machine Certificate Checker" within the Edge Client and install EC with admin rights.
Then, in addition to the Trusted CA, you need to add Common Name or Issuer matching text to the Machine Certificate Check in the VPE.
Martin_VlaskoAltocumulus
AltocumulusHi,
I did not mention it, but all that I have done already. The checker is installed together with the EC and the whole thing has been installed with admin rights.
In APM policy machine certificate check action I do have the 'Match subject CN with FQDN' set to YES and even the 'Match Issuer' set to the correct string.
I mean, I am pretty sure I managed to configure everything based on the available documentation. My question here was more the direction... if it does not work for whatever reason, what is the way to find out why is it not working?
I cannot imagine there is no way to somewhere see the real actual reason of the error, it must be written somewhere.. I just don't know where, couldn't find it yet.
Looks like I will have to open a ticket with F5 support.