Forum Discussion
Dev_56330
Cirrus
Jan 15, 2018Remote User Management - LDAP Client Cert
Has anyone successfully deployed LDAP using client cert authentication to the BIG-IP TMUI? I see the guide though it is not very intuitive so I was curious if anyone would be willing to share their ...
Dev_56330
Cirrus
Jan 18, 2018For troubleshooting purposes I am attempting to perform certificate based authentication within APM using the same certificates as I am in TMUI. I exported the BIG-IP certificate and key to create a client ssl profile. I imported the CA cert and added that to the trusted and advertised fields of the client SSL profile. SSL profile has ignore for client certificate and ODCA is configured to required. I am prompted for a certificate though based on the logs from my ssl profiel no certificate has been passed.
--------------------------------------------------------------------------------------
Ltm::ClientSSL Profile: BIGIPClientSSL
--------------------------------------------------------------------------------------
Virtual Server Name N/A
Bytes Inbound Outbound
Encrypted 48.1K 235.9K
Decrypted 24.6K 143.8K
Connections Open Maximum Total
Native 0 6 55
Compatibility 0 0 0
Total 0 7 55
Certificates/Handshakes
Valid Certificates 0
Invalid Certificates 0
No Certificates 55
Mid-Connection Handshakes 0
Secure Handshakes 55
Current Active Handshakes 0
Insecure Handshakes Accepted 0
Insecure Handshakes Rejected 0
Insecure Renegotiations Rejected 0
Mismatched Server Name Rejected 0
Extended Master Secret Handshakes 55
Protocol
SSL Protocol Version 2 0
SSL Protocol Version 3 0
TLS Protocol Version 1.0 0
TLS Protocol Version 1.1 0
TLS Protocol Version 1.2 55
DTLS Protocol Version 1 0
Key Exchange Method
Anonymous Diffie-Hellman 0
Diffie-Hellman w/ RSA Certs 0
Ephemeral Diffie-Hellman w/ DSS Certs 0
Ephemeral Diffie-Hellman w/ RSA Certs 0
Ephemeral ECDH w/ ECDSA Certs 0
Ephemeral ECDH w/ RSA Certs 17
Fixed ECDH w/ ECDSA Certs 0
Fixed ECDH w/ RSA signed Certs 0
RSA Certs 0
Ciphers
Advanced Encryption Standard (AES) 55
Advanced Encryption Standard Galois Counter Mode (AES-GCM) 0
Digital Encryption Standard (DES) 0
Rivest Cipher 2 (RC2) 0
Rivest Cipher 4 (RC4) 0
IDEA (old SSLv2 cipher) 0
Camellia 0
No Encryption 0
Message Digest Method
Message Digest 5 (MD5) 0
Secure Hash Algorithm (SHA) 55
No Message Authentication 0
SSL Hardware Acceleration
Full 0
Partial 0
None (Software) 55
Session Cache
Current Entries 0
Hits 38
Lookups 66
Overflows 0
Invalidations 28
Records
In 116
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects