We are configuring F5 Edge client VPN connexion with client cert inspection within the APM policy.
The client ssl profile is configured with request and the CA is selected under Trusted Certificate Authorities and Advertised Certificate Authorities.
When connecting to the vpn users are prompt with a popup asking to select the certificate. There is only one client certificate in the store.
Is there a feature with F5 Edge client to select automatically the client certificate to use for authentication ?
Is that a machine certificate authentication you want to use? If you configure APM policy with machine certificate auth in VPE, it would happen automatically. BIGIP edge client must be installed with admin credentials
It is user certificate not machine.
When we select the certificate in the popup the connexion works. We just want to simplify the user and select the certificate automatically.
The popup looks like this :
Is there a reason you are not looking for machine certificate auth?
This works seem less without the user intervention. We will keep the comments open if someone has done with the user certificate to share the setup.
Can we use the machine certificate auth action to look in to the user certificate store ?
Worth to try.
Client said the prompt is present when connecting for the first time.
I did enable advertised CA.
I tried the Machine cert auth box in APM with the option "CurrentUser" for the certificate store location and I think it work to check the client certificate and not machine.
But I have to do more test with the client to see if it fix the prompt of certificate.
Thanks for the feedback
Did this solution work for you? Do you still have the Client certificate option selected in the SSL Client profile or just the machine cert check in the APM policy?
We have the same issue here. Any hints or solutions are very much appreciated. thanks.