Forum Discussion

Nimbostratus

Sep 27, 2013

Two way SSL problems with APM on BIGIP

Receiving ssl_shim_vfycert:2461 when attempting two way ssl authentication. Does anyone know the underlying cause of this message or where I can find an error reference?

ssl client authentication

Kevin_Stewart

Employee

Oct 10, 2013

If I click cancel and don't present a cert I can get to the resource if on-demand cert is not part of the access policy

This part is confusing. Earlier you stated "The on-demand cert in access policy is set to require and client ssl cert is set to ignore in the ssl_client profile".

So just to be clear, the certificate authentication option in the client SSL profile needs to be set to ignore to use the APM Cert Auth agent. The Trusted Certificate Authority option in the client SSL profile should be selected with the appropriate CA certificate(s) to validate client certificates. You shouldn't (normally) need anything else in the client SSL profile.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Two way SSL problems with APM on BIGIP

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Re: BigIP Report

BigIP Report Old

Integrating the F5 BIGIP with Azure Sentinel

Securing APIs with BigIP

BIGIP SHOW INOPERATIVE

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS