Forum Discussion
Janez
Nimbostratus
NimbostratusSSL Handshake failed - client certificate authentication and also without certificate
Hello, I have question. We have plan to migrate web app which have 2 different type authentication. One is with without cerificate and secont autentication is with certificate. I did custom cli...
JanezNimbostratus
NimbostratusHello,
Proxy SSL is problem because customer use ECDHE or any ciphers with Perfect Forward Secrecy.
Here is client profile:
ltm profile client-ssl /Common/client-SSL {
app-service none
ca-file /Common/Cert.crt
cert /Common/Cert.crt
cert-key-chain {
Cert_chain {
cert /Common/Cert.crt
chain /Common/Cert_CA.crt
key /Cert-Key.key
}
}
chain /Common/Common/Cert_CA.crt
cipher-group none
ciphers DEFAULT
defaults-from /Common/clientssl
inherit-certkeychain false
key /Common/Cert-Key.key
passphrase none
peer-cert-mode request
ssl-c3d enabled
}
And Server profile:
ltm profile server-ssl /Common/Server-SSL {
app-service none
c3d-ca-cert /Common/Cert.crt
c3d-ca-key /Common/Cert-Key.key
cert /Common/Cert.crt
defaults-from /Common/serverssl
key /Common/Cert-Key.key
ssl-c3d enabled
Thanks and regards,
Janez