Hi! I'm reading on this topic and checking on the procedure in implementing it. However, there are some items that are still not yet clear to me (more on the client side), hence would like your help so that I can understand properly. Please feel free to correct me if my statements are wrong:
- So the client needs its own certificate signed by a CA. The CA certificate (root CA?) will be imported in Big-IP and associated in the Trusted Certificate Authority under Client Authentication field of the client SSL profile.
- When generating the client certificate, I am assuming it is much like generating a server certificate- wherein a CSR & private key will be created, and client certificate will be issued using the CSR.
- Both the client certificate and client private key shall be imported on the client device.
- In the case where let's say 100 client devices are expected to connect to the VS for client authentication, should each client be generated with their own unique certificate?
Thank you and so sorry again if my understanding of this topic is not correct.