SSL Profiles Part 8: Client Authentication

This is the eighth article in a series of Tech Tips that highlight SSL Profiles on the BIG-IP LTM.  SSL Overview and Handshake SSL Certificates Certificate Chain Implementation Cipher Suite...
Updated Mar 25, 2023
Version 3.0
LTM
security
series-the-ssl-profile
ssl
tech tip
sachin_80710's avatar
sachin_80710
Icon for Nimbostratus rankNimbostratus
Sep 01, 2016

We tried doing client certificate authentication but unsuccessful. We generated self-signed certificate for client system on F5 LTM. Exported and imported the certificate and key in client system Mozilla browser. We have set 'require' setting in ssl profile client authentication. When trying to access website we get pop-up in mozilla to select certificate, after selecting certificate we get ssl error message in browser.

 

On F5 LTM logs we see below logs: Aug 31 17:56:56 ltm warning tmm[12989]: 01260006:4: Peer cert verify error: self signed certificate (depth 0; cert /C=IN/ST=example/L=abc/O=xyz/OU=IT/CN= Aug 31 17:56:56 ltm info tmm[12989]: Rule /Common/Cert_Logging : Certificate 1: XX:XX:XX:XX Aug 31 17:56:56 ltm info tmm[12989]: Rule /Common/Cert_Logging : Client Certificate Recieved - IP:192.168.1.4 Serial:XX:XX:XX:XX Aug 31 17:56:56 ltm warning tmm[12989]: 01260009:4: Connection error: ssl_shim_vfycerterr:4403: self signed certificate (48)

 

 

We see F5 is receiving certificate but unable to verify it. Even though certificate is available with F5.