dirken
Jun 06, 2017Nimbostratus
Client cert auth not working on Win2016
My VS has a client ssl profile bound, requiring client authentication and sending the required PKI to the client, which is a Win2016 server.
- Client Cert: require
- Trusted CAs:
- Advertised CAs:
The client (Win2016 server) initiates the connection without user interaction. A sniffer trace shows that the F5 sends a "certificate request" back to the client, together with its own cert. The next ssl packet from the Win2016 server is "certificate", but with no certificate in it, and a certificate length specified as "0".
The client cert was imported into the machine cert store, into the user cert store for the service initiating the connection etc. - nothing helped.
Any idea how to make the Win2016 server send its own cert when requested by the F5? What could possibly be the problem here?