Remote User Admin Authentication using encrypted Active Directory lookup

Question

So I'm able to authenticate and authorize remote users against our domain controller. In fact its working over port 389 and 636. But I don't understand why I'm being asked for client cert and key for ssl? What cert and key is it asking for? The machine cert/key for my domain controller or the self-signed switch cert? It was my understanding that the server is responsible for encryption. I could understand the certificate ca being necessary to run the chain of the server, but after that, I'm not clear and haven't been able to gather the info in docs. Can anybody shed light on this for me? &nbsp;
Thanks!&nbsp;
Ward&nbsp;

amolari · Answer

to communicate with AD over SSL, the client (bigip) must authenticate the server and this you need to provide the CA of the AD server. This is transparent for windows domain machines because the GPO will deploy those CAs to the clients.
Providing the key is necessary if you want a 2-way auth.&nbsp;
sol11072: Configuring LDAP remote authentication for Active Directory&nbsp;

ward_delcomyn_9 · Answer

Ok, that's what I was hoping would be the answer as it was working without any of it already. Thank you for the answer and the link! I read that doc but didn't catch it was for two-way auth. &nbsp;

Forum Discussion

Remote User Admin Authentication using encrypted Active Directory lookup

2 Replies

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Automate Let's Encrypt Certificates on BIG-IP

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Remote User Authentication (e.g. F5 admins) using Azure Active Directory