F5 VPN multiple certificate prompt
Hi,
We are currently deploying the F5 Edge Gateway VPN solution across our user base. Part of the security is to check the SSL certificate via an internal CA.
The issue is all users will have 2 internal certificates installed - one for email and one for verification. However, they are both allowed to be used for Client Authentication, therefore when a user logs in they are asked which certificate to use. Not ideal.
When I disable Client Authentication on the email certificate the user can log in with no prompt for certificate selection, however the CA teams don't want me to do this, plus it's overhead on the rollout of the client.
The difference between the certificates is Key Usage - one is set to Key Encipherment and the other Digital Signature.
Is it possible via an iRule to ensure only the certificate containing a digital signature property is available to be used so the user doesn't receive the prompt?
I can't see any way of doing this via APM or the Client SSL profile configuration.
Any help will be appreciated.
Thanks
BIG-IP Edge Gateway 11.3HF9