Forum Discussion
boneyard
Apr 14, 2018MVP
i don't really expect the BIG-IP to return a 401 in general if a client certificate is send. or is there some iRule or ASM or such involved?
in that case it will most likely depend on your configuration. i do believe you can put what you want in a CA bundle. what i could imagine is that the expired cert is also used for advertising CA and that a client cert from that CA is offered which doesn't happen when it isn't there.
but again, in general that means connections failing, no 401, something else must be causing that.