I've got machine cert check configured on an APM policy which works fine for Windows machines. An issue has been seen where the cert auth on Macs can fail if there are some expired certificates on the machine.
I can't find any documentation as to how and in what order the APM/Edge Client checks the certificates on the machines, ie does it check the first certificate in the store and report back the status of that, or does it check through all certs for a valid match? So if the first cert in the store had expired but also had a valid cert, does that cause the cert check to fail? If that is the case is there anything on the F5 config that can be done to check all certs in the store for a match?