Forum Discussion
Remote User Admin Authentication using encrypted Active Directory lookup
So I'm able to authenticate and authorize remote users against our domain controller. In fact, it's working over ports 389 and 636. But I don't understand why I'm being asked for a client cert and key for SSL? What cert and key is it asking for? The machine cert/key for my domain controller or the self-signed switch cert? It was my understanding that the server is responsible for encryption. I could understand the certificate CA being necessary to run the chain of the server, but after that, I'm not clear and haven't been able to gather the info in the docs. Can anybody shed light on this for me?
Thanks!
Ward
2 Replies
- amolari
Cirrostratus
To communicate with AD over SSL, the client (BIG-IP) must authenticate the server, and for this you need to provide the CA of the AD server. This is transparent for Windows domain machines because the GPO will deploy those CAs to the clients. Providing the key is necessary if you want 2-way auth.
sol11072: Configuring LDAP remote authentication for Active Directory
- Ward_Delcomyn_9
Nimbostratus
Ok, that's what I was hoping would be the answer as it was working without any of it already. Thank you for the answer and the link! I read that doc but didn't catch it was for two-way auth.