Windows Phone 8.1 Edge Client Certificate Authentication

Question

I want to configure Edge Client for Windows Phone 8.1 to authenticate using a Client Certificate.
I've asked Microsoft and this is their answer:
"3rd party VPN clients are able to support certificate based authentication.  It is NOT selected using the UI on the VPN client setup.  That is reserved only for our Inbox protocols (IKEv2 / L2TP, etc.).  Cert auth for 3rd party VPN clients is provisioned using configuration on the 3rd party VPN gateway where the handshake between their app and their VPN server identifies what type of auth should be used, and then the appropriate UI workflow will get triggered when device is trying to connect.  "&nbsp;
I've found documents that show how to do it with Juniper and CheckPoint, but nothing regarding F5.
Is it possible? How should be configured Access Profile ?
The certificate authentication is defined in the Virtuar server or in the Access Policy?&nbsp;

kunjan · Answer

In general you can follow the Soln doc for the client cert configuration on APM end&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/16.print.html &nbsp;
As per the release notes, the feature is not there.  &nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/releasenotes/related/relnote-edgelclientwinphone-8-1.html&nbsp;
But you can test it, if you have a way to push the client cert. &nbsp;

lucas_thompson_ · Answer

The Inbox VPN client does not work with Machine Certificates (F5 ID 450285,473090 , MSFT ID 608460). The Inbox VPN client or Edge Client CAN work with certificates, but it requires some special provisioning by an MDM for Windows Phone 8.1 to place the correct certificate into the store and to provision the VPN client.&nbsp;
See this doc for more information:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/releasenotes/related/config-note-f5-inbox-vpn-client-windows8.html&nbsp;

corey_12957 · Answer

You can configure Edge client on Windows phone to use certificate auth with an MDM solution.  Here is some example XML:
Item&gt;
        ./Vendor/MSFT/VPN/F5vpn/ThirdParty/AppId

F5Networks.vpn.client_btcnfmkykcjs2
    
For having F5 VPN client identify the certificate, it needs to identify the issuer:

./Vendor/MSFT/VPN/F5vpn/ThirdParty/CustomConfiguration

Certificate_Authority

giuseppe_6029 · Answer

Could anyone show the full xml for pushing certificate from MDM to windows phone device?&nbsp;

soymanue · Answer

I'm afraid that Edge Client for Windows Phone 8.1 doesn't support Certificate Authentication yet.&nbsp;
I was told by support engineers that next version will support that functionality but didn't give any release date.&nbsp;

Forum Discussion

Windows Phone 8.1 Edge Client Certificate Authentication

5 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

Related Content

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS