Forum Discussion
Server and client certificate CN should match or not in client authentication
- Nov 29, 2014
F5 certificate CN and Client certificate CN should match?
no, CN should not be the same, because they authenticate different things (one authenticates the server, the other one authenticates the client).

> I uploaded CA bundle through GUI but that is not shown in /config/filestore/files_d/Common_d/certificate_d

i understand it is correct. trust_certificate_d is for device trust.

i do not know what the full name of CHecking.crt in the filestore is, and what and where the client certificate file is. anyway, this is an example:

openssl verify -verbose -CAfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:chain.crt_39032_1 /var/tmp/client2.crt
- Muhammad_Irfan1, Nov 30, 2014
Cirrus
I have uploaded the CA bundle, but when looking into that certificate_d folder they are converted into the 3 CA certificates which the bundle contained. Now I am scratching my head.

1. Server authentication is successfully done.
2. Now client authentication is not working.
3. The certificate authority of both the F5 and client certificates is the same.
4. The certificate authority has 2 intermediate and 1 root cert, put in the browser and converted into a bundle and put in the F5 as well.
5. Will any certificate issued by mobilink to a client work, or for this application will the client certificate have something unique which will identify that this certificate is for this app?
6. Have you performed client authentication before? I want all the clients to have the same cert, and the F5 will not have that cert; the F5 will only have the CA bundle to validate the client cert, right?
7. If that same bundle is working in server authentication, then the same bundle should work in client authentication, as the issuer of both is the same.
8. The testing I am doing is with a cert which was for some other purpose but issued by mobilink, so that will work for client authentication as well, right, as the F5 only checks the issuer?

- Muhammad_Irfan1, Nov 30, 2014
Cirrus
Could this be the problem: for testing, the certificate I am using for client authentication has written with it that the certificate's intended purpose is server authentication. Could this be the problem, that I can not use it for client authentication?

- nitass_89166, Nov 30, 2014
Noctilucent
> I have uploaded the CA bundle, but when looking into that certificate_d folder they are converted into the 3 CA certificates which the bundle contained.

can you try to concat (cat) the 2 intermediate and 1 root certificates into 1 file and set it in the ssl profile?

sol13302: Configuring the BIG-IP system to use an SSL chain certificate (11.x)
https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302.html

- Muhammad_Irfan1, Nov 30, 2014
Cirrus
Yes, that is exactly how I made my bundle. I think the bundle is fine. I was testing client authentication with a certificate which was only for server authentication. I came across an article and found out that I can not use a server authentication certificate for client authentication.

- Muhammad_Irfan1, Nov 30, 2014
Cirrus
I am almost there now. Just three points to ask.

1. While reading this solution, sol14819: Troubleshooting client certificate authentication, what do these lines mean?

> For client certificate authentication to work properly on the BIG-IP system, you should verify that the following elements are in place:
> • If the client certificate was signed by a local trusted CA, the following elements should be in place:
> ◦ The local trusted CA certificate and key are installed on the BIG-IP system and associated with the SSL profile.
> ◦ The client certificate is signed by the local trusted CA key, converted to the proper format (PKCS12), and installed on the client.
> ◦ The site certificate and key are installed and associated with the Client SSL profile.

While I have 2 intermediate and 1 root certificate, all in crt format, not with a private key.

2. Only a client authentication certificate can be used for client authentication; I was trying with a server authentication certificate to authenticate the client. I need to ask the CA to make me a client authentication certificate and then try again.

- nitass_89166, Dec 01, 2014
Noctilucent
> The local trusted CA certificate and key are installed on the BIG-IP system and associated with the SSL profile.

i do not think the private key of the trusted CA is needed (and i do not think it is given).

- Muhammad_Irfan1, Dec 01, 2014
Cirrus
Right, thanks for your patience, Nitass. I will check with a client authentication certificate and let you know.
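The three things the thread converges on (a single concatenated intermediate+root bundle as in sol13302, validation with only CA certificates and no CA private key, and a leaf certificate whose extended key usage actually includes client authentication) can be checked offline with nothing but openssl. The script below is an added example, not code from this thread, from F5 or from the solution articles: it builds a throw-away two-level CA, issues one certificate with the clientAuth EKU and one with serverAuth only, concatenates intermediate and root into a bundle, and runs the same `openssl verify -CAfile` check nitass showed, adding `-purpose sslclient` so that the server-only certificate is rejected the way the BIG-IP client SSL profile rejected it. All names (Lab Root CA, client.crt, server.crt, ca-bundle.crt, the `$WORK` directory) are constructed for the lab; it assumes only that `openssl` is on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): two-level lab CA, one clientAuth leaf,
# one serverAuth-only leaf, intermediate+root bundle, and openssl verify checks.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys and certs

# One config file holding the extension profiles the lab needs.
write_config() {
    cat > "$WORK/lab.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
}

# issue NAME ISSUER SECTION SUBJECT: make a key+CSR for NAME and sign it with
# ISSUER's key, applying the extensions from SECTION of lab.cnf.
issue() {
    name=$1; issuer=$2; section=$3; subject=$4
    openssl req -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" -subj "$subject" 2>/dev/null
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$issuer.crt" -CAkey "$WORK/$issuer.key" \
        -CAcreateserial -days 365 -extfile "$WORK/lab.cnf" -extensions "$section" \
        -out "$WORK/$name.crt" 2>/dev/null
}

build_lab() {
    write_config
    # Self-signed root CA.
    openssl req -x509 -config "$WORK/lab.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$WORK/root.key" -out "$WORK/root.crt" -subj "/CN=Lab Root CA" -days 365 2>/dev/null
    issue intermediate root v3_ca "/CN=Lab Intermediate CA"
    issue client intermediate v3_client "/CN=client-user"
    issue server intermediate v3_server "/CN=www.example.test"
    # The bundle a validator needs: intermediate(s) then root, certificates only.
    # No CA private key is used anywhere in verification.
    cat "$WORK/intermediate.crt" "$WORK/root.crt" > "$WORK/ca-bundle.crt"
}

# verify_client_cert BUNDLE CERT: exit 0 only if CERT chains to BUNDLE and its
# key usage / extended key usage permit use as a TLS client certificate.
verify_client_cert() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# ekus CERT: print the Extended Key Usage line of CERT (empty if the extension is absent).
ekus() {
    openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Extended Key Usage' | tail -n 1 | sed 's/^ *//'
}

build_lab
echo "client.crt EKU: $(ekus "$WORK/client.crt")"
echo "server.crt EKU: $(ekus "$WORK/server.crt")"
verify_client_cert "$WORK/ca-bundle.crt" "$WORK/client.crt" && echo "client.crt against bundle: accepted for client auth"
verify_client_cert "$WORK/ca-bundle.crt" "$WORK/server.crt" || echo "server.crt against bundle: rejected (serverAuth-only EKU)"
verify_client_cert "$WORK/root.crt" "$WORK/client.crt" || echo "client.crt against root only: rejected (intermediate missing)"
```

The third check is the filestore symptom from the thread in miniature: with only the root (or only one of the three split files) as `-CAfile`, a client certificate issued by the intermediate cannot be chained, while the concatenated bundle validates it. Dropping `-purpose sslclient` would make the server-only certificate pass the chain check, which is why "the issuer is the same" is necessary but not sufficient for client authentication.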