SSL Profiles Part 8: Client Authentication
We tried doing client certificate authentication but were unsuccessful. We generated a self-signed certificate for the client system on the F5 LTM, then exported it and imported the certificate and key into the Mozilla browser on the client system. We have set the 'require' setting in the SSL profile's client authentication. When trying to access the website we get a pop-up in Mozilla to select a certificate; after selecting the certificate we get an SSL error message in the browser.
In the F5 LTM logs we see the following:

Aug 31 17:56:56 ltm warning tmm[12989]: 01260006:4: Peer cert verify error: self signed certificate (depth 0; cert /C=IN/ST=example/L=abc/O=xyz/OU=IT/CN=
Aug 31 17:56:56 ltm info tmm[12989]: Rule /Common/Cert_Logging : Certificate 1: XX:XX:XX:XX
Aug 31 17:56:56 ltm info tmm[12989]: Rule /Common/Cert_Logging : Client Certificate Recieved - IP:192.168.1.4 Serial:XX:XX:XX:XX
Aug 31 17:56:56 ltm warning tmm[12989]: 01260009:4: Connection error: ssl_shim_vfycerterr:4403: self signed certificate (48)
We see that the F5 is receiving the certificate but is unable to verify it, even though the certificate is available on the F5.
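
The depth-0 "self signed certificate" verify error in the log above can be reproduced off-box with the openssl CLI. This is an added example, not part of the original post or F5's code; the file names, certificate subjects and the use of `openssl verify` as a stand-in for the BIG-IP's check are assumptions.

```shell
# Constructed reproduction: subjects and file names are made up for the example.
set -u
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a throwaway self-signed certificate and key.
make_selfsigned() {   # $1 = file basename, $2 = subject CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=example/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Verify a certificate against an explicit bundle of trust anchors.
verify_against() {    # $1 = trust-anchor PEM, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" 2>&1
}

make_selfsigned client client.example.test      # the client's self-signed cert
make_selfsigned other  unrelated-ca.example.test # some other trust anchor

# Case 1: the verifier holds trust anchors, but the client cert is not among
# them. The cert sits on the same disk, yet verification fails at depth 0.
echo "== trust anchors do not include the client cert =="
verify_against "$work/other.crt" "$work/client.crt" || echo "(rejected, exit $?)"

# Case 2: the self-signed cert itself is listed as a trust anchor.
echo "== trust anchors include the client cert =="
verify_against "$work/client.crt" "$work/client.crt"
```

The outcome depends on whether the certificate is among the trust anchors the verifier is told to use, not on whether the certificate file exists on the verifying host.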