Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusSSL certificate, Client authentication failed.
Client have provided me a PKCS12 SSL certificate which i imported in F5 LTM 5000s and created a client side profile and attached it to HTTPS VS. Client also have the same certificate in his machine. ...
nitass_89166
Noctilucent
NoctilucentMy configuration seems alright.
can you post the configuration here?
tmsh list ltm virtual (name)
tmsh list ltm pool (name)
tmsh list ltm profile client-ssl (name)
Muhammad_Irfan1Cirrus
Cirrusltm virtual Siebel-VS {
auto-lasthop enabled
cmp-enabled no
destination 10.50.171.5:cbt
ip-protocol tcp
mask 255.255.255.255
pool SIEBEL_APP_POOL
profiles {
Anaylytics1 { }
Siebel-Client {
context clientside
}
Tibco-HTTP { }
tcp { }
}
rules {
SIEBEL_VS.app/SIEBEL_VS_web_activex_irule
logging_iRule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 28
---------------------------------------------------------------
ltm pool Tibco-LB-Group3 {
members {
tbpbws01:9851 {
address 10.50.169.14
session monitor-enabled
state up
}
tbpbws02:9851 {
address 10.50.169.16
session monitor-enabled
state up
}
}
monitor Tibco-9851
reselect-tries 4
}
------------------------------------------------------------------
ltm profile client-ssl Siebel-Client {
alert-timeout 10
allow-non-ssl disabled
app-service none
authenticate once
authenticate-depth 9
ca-file Siebel-SSL-CA1.crt
cache-size 262144
cache-timeout 3600
cert Siebel-SSL-CA1.crt
chain none
ciphers DEFAULT
client-cert-ca Siebel-SSL-CA1.crt
crl-file none
defaults-from clientssl
handshake-timeout 10
key Siebel-SSL-CA1.key
mod-ssl-methods disabled
options { dont-insert-empty-fragments }
peer-cert-mode require
proxy-ssl disabled
renegotiate-max-record-delay indefinite
renegotiate-period indefinite
renegotiate-size indefinite
renegotiation enabled
retain-certificate true
secure-renegotiation require
server-name none
session-ticket disabled
sni-default false
sni-require false
strict-resume disabled
unclean-shutdown enabled
}
