Forum Discussion

Jim_Chapuran's avatar
Jim_Chapuran
Icon for Altostratus rankAltostratus
Apr 23, 2020

Cert-Based Authentication to the Configuration Utility While Connected to an APM VPN

I have a VPN with an access policy attached to it, and it is working great. I also set up cert-based authentication to the Configuration Utility, which works great as well. However, I would like the ...
  • boneyard's avatar
    Apr 29, 2020

    unfortunately that is not possible, with SSL config like that (client and server side ssl profile) the client cert wont get further then the client side profile.

     

    you could try without the SSL profiles and see if it then works, but probably not.

     

    another way would be to put the client cert on the server side profile, but that kinda defeats your client certificate authentication.

     

    proxy SSL might be an option, but you need to disable quite some ciphers

    https://support.f5.com/csp/article/K13385

     

    using a hop server is another possibility.