Forum Discussion

Muhammad_Irfan1, Nov 03, 2014

SSL certificate, Client authentication failed.

The client has provided me with a PKCS12 SSL certificate, which I imported into the F5 LTM 5000s; I created a client-side profile and attached it to the HTTPS VS. The client also has the same certificate on his machine. Now, when I set client authentication to ignore or request, the client connects over HTTPS, but when I set it to require, the client cannot connect and the VS statistics show invalid certificate entries.


Does the certificate need to contain the IPs of the F5? If yes, which IPs: the external self IP, the external floating IP, or the VS IP? If not, then why is the client unable to authenticate the certificate?


12 Replies

    • Muhammad_Irfan1: Thanks for the article, sir. I just read it and it helped me understand how it works, but my configuration seems alright. I got the passphrase from the client, which I put in the passphrase field. But for testing purposes I uploaded the same certificate to a Windows machine and cannot enter the passphrase anywhere on the Windows machine. Maybe the passphrase is only entered on the server, not on the client.
  • My configuration seems alright.

    can you post the configuration here?

     tmsh list ltm virtual (name)
     tmsh list ltm pool (name)
     tmsh list ltm profile client-ssl (name)
    
    • Muhammad_Irfan1:

      ltm virtual Siebel-VS {
          auto-lasthop enabled
          cmp-enabled no
          destination 10.50.171.5:cbt
          ip-protocol tcp
          mask 255.255.255.255
          pool SIEBEL_APP_POOL
          profiles {
              Anaylytics1 { }
              Siebel-Client { context clientside }
              Tibco-HTTP { }
              tcp { }
          }
          rules { SIEBEL_VS.app/SIEBEL_VS_web_activex_irule logging_iRule }
          source 0.0.0.0/0
          source-address-translation { type automap }
          vs-index 28
      }
      ---------------------------------------------------------------
      ltm pool Tibco-LB-Group3 {
          members {
              tbpbws01:9851 { address 10.50.169.14 session monitor-enabled state up }
              tbpbws02:9851 { address 10.50.169.16 session monitor-enabled state up }
          }
          monitor Tibco-9851
          reselect-tries 4
      }
      ------------------------------------------------------------------
      ltm profile client-ssl Siebel-Client {
          alert-timeout 10
          allow-non-ssl disabled
          app-service none
          authenticate once
          authenticate-depth 9
          ca-file Siebel-SSL-CA1.crt
          cache-size 262144
          cache-timeout 3600
          cert Siebel-SSL-CA1.crt
          chain none
          ciphers DEFAULT
          client-cert-ca Siebel-SSL-CA1.crt
          crl-file none
          defaults-from clientssl
          handshake-timeout 10
          key Siebel-SSL-CA1.key
          mod-ssl-methods disabled
          options { dont-insert-empty-fragments }
          peer-cert-mode require
          proxy-ssl disabled
          renegotiate-max-record-delay indefinite
          renegotiate-period indefinite
          renegotiate-size indefinite
          renegotiation enabled
          retain-certificate true
          secure-renegotiation require
          server-name none
          session-ticket disabled
          sni-default false
          sni-require false
          strict-resume disabled
          unclean-shutdown enabled
      }
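As an added example (not posted by anyone in this thread and not F5 code), the following Python reads the client-ssl profile above in tmsh's brace syntax and flags the settings that decide whether client-certificate authentication can succeed: a `require` mode with no CA file, a CA file that is the same file as the server `cert`, an `authenticate-depth` shorter than the client's chain, and the absence of a CRL. The chain length (3 certificates: leaf, intermediate, root) and the reading of `authenticate-depth` as an OpenSSL-style verify depth are assumptions stated in the code.

```python
import re

# Profile as posted in the thread above (tmsh brace syntax, some timing knobs omitted).
PROFILE_TEXT = (
    "ltm profile client-ssl Siebel-Client { alert-timeout 10 allow-non-ssl disabled "
    "authenticate once authenticate-depth 9 ca-file Siebel-SSL-CA1.crt cert Siebel-SSL-CA1.crt "
    "chain none ciphers DEFAULT client-cert-ca Siebel-SSL-CA1.crt crl-file none "
    "defaults-from clientssl key Siebel-SSL-CA1.key options { dont-insert-empty-fragments } "
    "peer-cert-mode require renegotiation enabled secure-renegotiation require "
    "sni-require false unclean-shutdown enabled }"
)

def _parse_block(tokens, pos):
    """Parse tokens after an opening '{' up to its matching '}'; return (dict, next pos)."""
    block = {}
    while tokens[pos] != "}":
        key, nxt = tokens[pos], tokens[pos + 1]
        if nxt == "{":                       # nested object, e.g. options { ... }
            block[key], pos = _parse_block(tokens, pos + 2)
        elif nxt == "}":                     # bare flag closing a list block; other lists read as pairs
            block[key], pos = True, pos + 1
        else:                                # plain 'key value' pair
            block[key], pos = nxt, pos + 2
    return block, pos + 1

def parse_tmsh(text):
    """Return (object name, settings) for a single-object 'tmsh list' dump."""
    tokens = re.findall(r"\{|\}|[^\s{}]+", text)
    brace = tokens.index("{")
    settings, _ = _parse_block(tokens, brace + 1)
    return " ".join(tokens[:brace]), settings

def lint_client_auth(settings, chain_len):
    """Findings for client-cert auth. chain_len = certs from the client leaf up to the
    root (assumption: supplied by the operator); authenticate-depth is treated like
    OpenSSL's verify depth, i.e. the number of issuers allowed above the leaf."""
    findings = []
    mode, ca = settings.get("peer-cert-mode"), settings.get("ca-file", "none")
    depth = int(settings.get("authenticate-depth", 9))
    if mode == "require" and ca == "none":
        findings.append("peer-cert-mode require without a ca-file: every client cert is rejected")
    if mode in ("request", "require") and ca != "none" and ca == settings.get("cert"):
        findings.append(f"cert and ca-file are both {ca}: server identity and client "
                        "trust anchor share one file; confirm that is intended")
    if chain_len - 1 > depth:
        findings.append(f"authenticate-depth {depth} is too short for a "
                        f"{chain_len}-certificate client chain")
    if mode == "require" and settings.get("crl-file", "none") == "none":
        findings.append("crl-file none: revoked client certificates are still accepted")
    return findings
```

Run `parse_tmsh` on the output of `tmsh list ltm profile client-ssl <name>` and pass the result to `lint_client_auth` together with the number of certificates in the client's chain.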
  • ca-file Siebel-SSL-CA1.crt


    Is Siebel-SSL-CA1.crt the signed client certificate?


    • Muhammad_Irfan1: Yes, this certificate was provided by the client. Today I did a little troubleshooting and found that there was a chain of certificates. I then downloaded them from the links provided in the certificates. I made a bundle of them and put it in the Certificate Authority field of the SSL client profile, and also put them in the Windows system and browser. Now only one problem is left: the browser matches all the certificates, but OpenSSL shows only one error, that the root certificate is self-signed. The root certificate will always be self-signed, right, because there is no certificate above it? Please help me out with what to do now.