Client cert authentication is not working - "application verification failure"
So my organization has its own RootCA and subordinate authority. I tried adding a certificate bundle by taking the base-64 encoding from the RootCA and the subordinate authority and pasting them both as a bundle. I assigned the bundle to a Client SSL profile for both the Trusted Certificate Authorities and the Advertised Certificate Authorities.
The workstation I'm testing with has an Active Directory assigned "Client Authentication" certificate that is basically the computer name (fully qualified) and is issued by the subordinate authority. When I try browsing the website in Chrome, it reports:
eddiapp.domain.com didn’t accept your login certificate, or one may not have been provided. Try contacting the system admin. ERR_BAD_SSL_CLIENT_AUTH_CERT
LTM (12.1.2) reports Connection error: ssl_shim_vfycerterr:4530: application verification failure (46)
I'm assuming the client is not presenting the cert. I added an iRule to check and it appears to be the case.
I created a CA pem file via SSH with both CAs in it and also copied the client cert over as well and ran this:
    openssl verify -CAfile ca.pem ITD-35147.pem
    ITD-35147.pem: OK
I'm not sure what I'm missing. Can anybody shed some light?
Thanks, Chris
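
An added example, not part of the original post: the openssl verify check above, repeated with the -purpose sslclient option. Without -purpose, openssl verify only confirms that the chain builds; with it, the certificate's usage extensions must also permit TLS client authentication. The lab PKI, host names and file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: throwaway root -> subordinate -> leaf PKI. Every name is constructed.
make_lab_pki() {  # $1 = empty work directory
  ( cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
      '[ca]' 'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' \
      '[client]' 'extendedKeyUsage=clientAuth' \
      '[server]' 'extendedKeyUsage=serverAuth' > lab.cnf
    for spec in "root:Lab Root CA" "sub:Lab Subordinate CA" \
                "client:ws01.lab.example" "server:srv01.lab.example"; do
      openssl req -new -newkey rsa:2048 -nodes -config lab.cnf -subj "/CN=${spec#*:}" \
        -keyout "${spec%%:*}.key" -out "${spec%%:*}.csr" 2>/dev/null || exit 1
    done
    sign() {  # $1 = subject, $2 = issuer, $3 = extension section in lab.cnf
      openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -days 2 -extfile lab.cnf -extensions "$3" -out "$1.pem" 2>/dev/null
    }
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile lab.cnf -extensions ca -out root.pem 2>/dev/null &&
    sign sub root ca && sign client sub client && sign server sub server &&
    cat root.pem sub.pem > bundle.pem   # two-CA bundle, root plus subordinate
  )
}

# $1 = CA bundle, $2 = certificate. Returns 0 only if the certificate chains to
# the bundle AND its extensions allow TLS client authentication.
check_client_cert() {
  echo "CA certificates in bundle: $(grep -c 'BEGIN CERTIFICATE' "$1")"
  openssl x509 -in "$2" -noout -subject -issuer
  openssl verify -purpose sslclient -CAfile "$1" "$2"
}

# Demo: clientAuth leaf, serverAuth-only leaf, and a bundle missing the subordinate.
lab=$(mktemp -d) && make_lab_pki "$lab"
for pair in "bundle client" "bundle server" "root client"; do
  set -- $pair
  if check_client_cert "$lab/$1.pem" "$lab/$2.pem" >/dev/null 2>&1
  then echo "$1.pem + $2.pem: accepted"
  else echo "$1.pem + $2.pem: rejected"
  fi
done
```

Run check_client_cert without the output redirection to see which verification error OpenSSL reports for a rejected pair.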