Mutual SSL Certificate Authentication

Hi Stevenson, You probably have resolved your issue by now or given up on it. Mutual authentication could be using just the Client SSL to validate the browser connection traffic for the session (once or always) or you cann do a further authentication using a remote server. This remote authentication is facilitated using PAM modules on the F5 BigIP. These could be tacas, radius or even an ldap server. In your setup above, you are doing client ssl authentication using remote ldap server. The test to fish out the problem would be:

1) do you have ldap bind to your ldap server and can you do ldapsearch from bigIP CLI to the ldap server ? 2) The client certificate loaded onto the client browser, can you extract the sAMAccountName from it and matches what was held on the ldap server and in the correct object group?