Forum Discussion
Kevin_Stewart
Oct 10, 2013Employee
If I click cancel and don't present a cert I can get to the resource if on-demand cert is not part of the access policy
This part is confusing. Earlier you stated "The on-demand cert in access policy is set to require and client ssl cert is set to ignore in the ssl_client profile".
So just to be clear, the certificate authentication option in the client SSL profile needs to be set to ignore to use the APM Cert Auth agent. The Trusted Certificate Authority option in the client SSL profile should be selected with the appropriate CA certificate(s) to validate client certificates. You shouldn't (normally) need anything else in the client SSL profile.