Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusSSL certificate, Client authentication failed.
Client have provided me a PKCS12 SSL certificate which i imported in F5 LTM 5000s and created a client side profile and attached it to HTTPS VS. Client also have the same certificate in his machine. ...
nitass
Employee
EmployeeMy configuration seems alright.
can you post the configuration here?
tmsh list ltm virtual (name)
tmsh list ltm pool (name)
tmsh list ltm profile client-ssl (name)
Muhammad_Irfan1Cirrus
Cirrusltm virtual Siebel-VS {
auto-lasthop enabled
cmp-enabled no
destination 10.50.171.5:cbt
ip-protocol tcp
mask 255.255.255.255
pool SIEBEL_APP_POOL
profiles {
Anaylytics1 { }
Siebel-Client {
context clientside
}
Tibco-HTTP { }
tcp { }
}
rules {
SIEBEL_VS.app/SIEBEL_VS_web_activex_irule
logging_iRule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 28
---------------------------------------------------------------
ltm pool Tibco-LB-Group3 {
members {
tbpbws01:9851 {
address 10.50.169.14
session monitor-enabled
state up
}
tbpbws02:9851 {
address 10.50.169.16
session monitor-enabled
state up
}
}
monitor Tibco-9851
reselect-tries 4
}
------------------------------------------------------------------
ltm profile client-ssl Siebel-Client {
alert-timeout 10
allow-non-ssl disabled
app-service none
authenticate once
authenticate-depth 9
ca-file Siebel-SSL-CA1.crt
cache-size 262144
cache-timeout 3600
cert Siebel-SSL-CA1.crt
chain none
ciphers DEFAULT
client-cert-ca Siebel-SSL-CA1.crt
crl-file none
defaults-from clientssl
handshake-timeout 10
key Siebel-SSL-CA1.key
mod-ssl-methods disabled
options { dont-insert-empty-fragments }
peer-cert-mode require
proxy-ssl disabled
renegotiate-max-record-delay indefinite
renegotiate-period indefinite
renegotiate-size indefinite
renegotiation enabled
retain-certificate true
secure-renegotiation require
server-name none
session-ticket disabled
sni-default false
sni-require false
strict-resume disabled
unclean-shutdown enabled
}
