Forum Discussion

Cirrus

Mar 30, 2015

On-Demand Cert Auth Error Capturing

Hi, I have an F5 terminating SSL and an access policy that uses "On-Demand Cert Auth" to get a client certificate, validate it, and authenticate it against an Active Directory server. This...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Mar 31, 2015

Hi Eric,

Do you by chance have your On-Demand Auth agent set to "require" instead of "request"? If set to "require" you will get a reset and the SSL handshake will not complete. If set to "request" then if a valid certificate is not present (either no certificate or a wrong certificate) then you will follow the fallback branch and continue with the VPE.

Seth

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)