
Edge client: automatic client certificate selection

xbillmann
Nimbostratus

Hi,

We are configuring an F5 Edge client VPN connection with client cert inspection within the APM policy.

The client SSL profile is configured with request and the CA is selected under Trusted Certificate Authorities and Advertised Certificate Authorities.

When connecting to the VPN, users are prompted with a popup asking to select the certificate. There is only one client certificate in the store.

Is there a feature with the F5 Edge client to automatically select the client certificate to use for authentication?

Best regards

9 REPLIES

SanjayP
MVP

Is that a machine certificate authentication you want to use? If you configure the APM policy with machine certificate auth in VPE, it would happen automatically. The BIG-IP Edge Client must be installed with admin credentials.

It is a user certificate, not machine.

When we select the certificate in the popup the connection works. We just want to simplify it for the user and select the certificate automatically.

The popup looks like this:

[Screenshot: certificate selection popup]

SanjayP
MVP

Is there a reason you are not looking for machine certificate auth?

https://support.f5.com/csp/article/K13614

This works seamlessly without user intervention. We will keep the comments open in case someone has done this with the user certificate and can share the setup.

Can we use the machine certificate auth action to look into the user certificate store?

Worth a try.

boneyard
MVP

When there is just one applicable certificate, then I'm used to it getting auto-selected.

Do you advertise the CA in the client SSL profile?

xbillmann
Nimbostratus

Client said the prompt is present when connecting for the first time.

I did enable advertised CA.

 

I tried the Machine cert auth box in APM with the option "CurrentUser" for the certificate store location and I think it works to check the client certificate and not machine.

But I have to do more tests with the client to see if it fixes the certificate prompt.

Thanks for the feedback.

Did this solution work for you? Do you still have the Client certificate option selected in the SSL Client profile or just the machine cert check in the APM policy?