Forum Discussion
Dev_56330
Jan 18, 2018Cirrus
For troubleshooting purposes I am attempting to perform certificate based authentication within APM using the same certificates as I am in TMUI. I exported the BIG-IP certificate and key to create a client ssl profile. I imported the CA cert and added that to the trusted and advertised fields of the client SSL profile. SSL profile has ignore for client certificate and ODCA is configured to required. I am prompted for a certificate though based on the logs from my ssl profiel no certificate has been passed.
--------------------------------------------------------------------------------------
Ltm::ClientSSL Profile: BIGIPClientSSL
--------------------------------------------------------------------------------------
Virtual Server Name N/A
Bytes Inbound Outbound
Encrypted 48.1K 235.9K
Decrypted 24.6K 143.8K
Connections Open Maximum Total
Native 0 6 55
Compatibility 0 0 0
Total 0 7 55
Certificates/Handshakes
Valid Certificates 0
Invalid Certificates 0
No Certificates 55
Mid-Connection Handshakes 0
Secure Handshakes 55
Current Active Handshakes 0
Insecure Handshakes Accepted 0
Insecure Handshakes Rejected 0
Insecure Renegotiations Rejected 0
Mismatched Server Name Rejected 0
Extended Master Secret Handshakes 55
Protocol
SSL Protocol Version 2 0
SSL Protocol Version 3 0
TLS Protocol Version 1.0 0
TLS Protocol Version 1.1 0
TLS Protocol Version 1.2 55
DTLS Protocol Version 1 0
Key Exchange Method
Anonymous Diffie-Hellman 0
Diffie-Hellman w/ RSA Certs 0
Ephemeral Diffie-Hellman w/ DSS Certs 0
Ephemeral Diffie-Hellman w/ RSA Certs 0
Ephemeral ECDH w/ ECDSA Certs 0
Ephemeral ECDH w/ RSA Certs 17
Fixed ECDH w/ ECDSA Certs 0
Fixed ECDH w/ RSA signed Certs 0
RSA Certs 0
Ciphers
Advanced Encryption Standard (AES) 55
Advanced Encryption Standard Galois Counter Mode (AES-GCM) 0
Digital Encryption Standard (DES) 0
Rivest Cipher 2 (RC2) 0
Rivest Cipher 4 (RC4) 0
IDEA (old SSLv2 cipher) 0
Camellia 0
No Encryption 0
Message Digest Method
Message Digest 5 (MD5) 0
Secure Hash Algorithm (SHA) 55
No Message Authentication 0
SSL Hardware Acceleration
Full 0
Partial 0
None (Software) 55
Session Cache
Current Entries 0
Hits 38
Lookups 66
Overflows 0
Invalidations 28
Records
In 116