Verify Certificate is installed
Hello everyone! I'm currently trying to set up a Machine Cert Auth in my APM VPE with the sole purpose of verifying that the computer has installed a company computer certificate. I'm struggling to get it to work and I'm unsure which components I actually need to get it to work. I have reviewed all manual chapters I can find and browsed through DC but still not managed to get it to work. I have the following simple policy: With the following Machine Cert Auth Config: Here I have tried numerous of different combinations. The one I'm presently using is this: CN=ad-ADDS01-CA-2, DC=ad, DC=jonsson, DC=biz I have installed the following computer cert on the computer trying to connect: I have configured a Certificate Authority Profile with the following settings: That is the root CA which has signed the Computer certificate. Here is the entire chain: The certificate is installed in the Local Machine part and I have all of the components installed for the APM to check my certs. Yet I’m still seeing this in the log: Apr 12 11:57:21 bigipcore02 err apmd[7363]: 0149015f:3: MachineCert Agent: Init failed in '/Common/cert_auth_test_act_machinecert_auth_ag' reason 'Loading CA file failed' And this when debug is turned on: Apr 12 12:32:42 bigipcore02 debug apmd[7363]: 01490266:7: (null):Common:00000000: ./AccessPolicyProcessor/SessionState.h: 'clearTempSessionAgentState()': 118: Agent did not initiated the scheduled agent It feels that I've done everything correct according to the examples and manuals I have found. What am I missing? =/
machine cert auth agent doesn't check on private keys?
hi out there I have still problems with the machine cert auth agent in my apm policy - it seems as if it cannot verify if the the certificate contains the private key or not - I tried to export a certificate with non-exportable private keys and import it again so that no private key exist on the client - the agent still return "1" and lets me pass the authentication successfull even though I would expect that it should return "2" and hereby indicate correct certificate but without private keys what can I do? best regards /ti
machine cert auth agent doesn't check on private keys?
hi out there I have still problems with the machine cert auth agent in my apm policy - it seems as if it cannot verify if the the certificate contains the private key or not - I tried to export a certificate with non-exportable private keys and import it again so that no private key exist on the client - the agent still return "1" and lets me pass the authentication successfull even though I would expect that it should return "2" and hereby indicate correct certificate but without private keys what can I do? best regards /ti
