Forum Discussion

Cirrus

Mar 30, 2015

On-Demand Cert Auth Error Capturing

Hi, I have an F5 terminating SSL and an access policy that uses "On-Demand Cert Auth" to get a client certificate, validate it, and authenticate it against an Active Directory server. This...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Mar 31, 2015

Hi Eric,

Do you by chance have your On-Demand Auth agent set to "require" instead of "request"? If set to "require" you will get a reset and the SSL handshake will not complete. If set to "request" then if a valid certificate is not present (either no certificate or a wrong certificate) then you will follow the fallback branch and continue with the VPE.

Seth

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

On-Demand Cert Auth Error Capturing

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

Decrypting BIG-IP Packet Captures Automatically

Decrypting BIG-IP Packet Captures without iRules

decrypted tcpdump capture without using an iRule and without using tshark

DevCentral Connects hosts Capture the Flag!

APM Cookbook: On-Demand VPN for iOS Devices

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS