Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Edge client : automatic client certificate selection

xbillmann
Nimbostratus
Nimbostratus

‎07-Apr-2021 08:37

Hi,

 

We are configuring F5 Edge client VPN connexion with client cert inspection within the APM policy.

The client ssl profile is configured with request and the CA is selected under Trusted Certificate Authorities and Advertised Certificate Authorities.

 

When connecting to the vpn users are prompt with a popup asking to select the certificate. There is only one client certificate in the store.

Is there a feature with F5 Edge client to select automatically the client certificate to use for authentication ?

 

Best regards

Labels:
0 Kudos
10 REPLIES 10

SanjayP
MVP
MVP

‎07-Apr-2021 09:24

Is that a machine certificate authentication you want to use? If you configure APM policy with machine certificate auth in VPE, it would happen automatically. BIGIP edge client must be installed with admin credentials​

0 Kudos

xbillmann
Nimbostratus
Nimbostratus
In response to SanjayP

‎07-Apr-2021 10:13

It is user certificate not machine.

When we select the certificate in the popup the connexion works. We just want to simplify the user and select the certificate automatically.

 

The popup looks like this :

 

0691T00000C2rgSQAR.png

0 Kudos

SanjayP
MVP
MVP

‎07-Apr-2021 10:49

Is there a reason you are not looking for machine certificate auth?

​https://support.f5.com/csp/article/K13614

This works seem less wit​hout the user intervention. We will keep the comments open if someone has done with the user certificate to share the setup.

0 Kudos

xbillmann
Nimbostratus
Nimbostratus
In response to SanjayP

‎07-Apr-2021 10:52

Can we use the machine certificate auth action to look in to the user certificate store ?

0 Kudos

SanjayP
MVP
MVP
In response to xbillmann

‎07-Apr-2021 22:30

Worth to try. ​

0 Kudos

boneyard
MVP
MVP

‎11-Apr-2021 06:52

when there is just one applicable certificate then im used it gets auto selected.

 

do you advertise the CA in the client SSL profile?

0 Kudos

xbillmann
Nimbostratus
Nimbostratus

‎21-Apr-2021 07:39

Client said the prompt is present when connecting for the first time.

I did enable advertised CA.

 

I tried the Machine cert auth box in APM with the option "CurrentUser" for the certificate store location and I think it work to check the client certificate and not machine.

 

But I have to do more test with the client to see if it fix the prompt of certificate.

0 Kudos

SanjayP
MVP
MVP
In response to xbillmann

‎21-Apr-2021 11:44

Thanks for the feedback​

0 Kudos

kevinmc
Altocumulus
Altocumulus
In response to xbillmann

‎27-Jul-2021 04:35

Did this solution work for you? Do you still have the Client certificate option selected in the SSL Client profile or just the machine cert check in the APM policy?

0 Kudos

thrillseeker
Nimbostratus
Nimbostratus

‎26-Sep-2022 01:30

We have the same issue here. Any hints or solutions are very much appreciated. thanks.

0 Kudos
Copyright © 2023 Khoros, LLC