Forum Discussion
hooleylist
Jul 05, 2010 Cirrostratus
There isn't really any additional debug you can enable. You can capture a tcpdump and decrypt it using ssldump to get more info on what's failing. Try searching the forums here and support.f5.com for ssldump for details on using the command.
I think you're correct that the client cert request is probably still failing with the mode set to request.
You should add the CA (and intermediate cert) to a bundle and configure it as the advertised and trusted CA bundle on the client SSL profile. The advertised bundle tells the client what CA issuers will be accepted. The trusted CA bundle is what LTM will use to validate the cert.
Aaron
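As an added example (not part of the original post, and not F5 tooling), this bash script builds a constructed root/intermediate/client PKI with openssl and shows why the intermediate belongs in the trusted bundle: the client cert fails validation against the root alone and passes against the concatenated bundle. All file and subject names are made up, and `openssl verify` stands in for LTM's validation step.

```bash
#!/usr/bin/env bash
# Added example. Constructed throwaway PKI: root CA -> intermediate CA -> client cert.
set -eu

make_csr() {  # make_csr <dir> <name> <CN>: new RSA key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_demo_pki() {  # build_demo_pki <dir>
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = req' '[v3_ca]' \
    'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$d/pki.cnf"
  make_csr "$d" root "Demo Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/pki.cnf" -extensions v3_ca -out "$d/root.crt" 2>/dev/null
  make_csr "$d" int "Demo Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/pki.cnf" -extensions v3_ca \
    -out "$d/int.crt" 2>/dev/null
  make_csr "$d" client "demo-client"
  openssl x509 -req -in "$d/client.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/client.crt" 2>/dev/null
  # The bundle the post describes: CA plus intermediate as concatenated PEM
  cat "$d/root.crt" "$d/int.crt" > "$d/bundle.crt"
}

# check_client <ca-file> <client-cert>: prints OK if the chain validates, else FAIL
check_client() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# advertised_issuers <bundle>: one subject line per cert in the bundle, i.e. the
# issuer names an advertised bundle would offer to the client
advertised_issuers() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout \
    | grep '^subject'
}

work=$(mktemp -d)
build_demo_pki "$work"
echo "root only:           $(check_client "$work/root.crt" "$work/client.crt")"
echo "root + intermediate: $(check_client "$work/bundle.crt" "$work/client.crt")"
advertised_issuers "$work/bundle.crt"
rm -rf "$work"
```

Running `advertised_issuers` and `openssl verify` against the real bundle before attaching it to the client SSL profile separates a bundle problem from a profile configuration problem.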