Forum Discussion
amolari
Apr 21, 2016Cirrus
The certificate must of usage "Client Authentication", such as standard User certificates. If you have such certificate from Symantec it's fine. User certificates from your internal PKI -> OK.
Client Authentication / Client Certificate = Ignore is configured so, if you want the client-auth being performed at the APM-level (with "On-demand certificate check"). That has the advantage of: - be able to configure a fallback (other authentication method for example) - display the logon_deny page if user doesn't have the certificate
Basically, if you check the certificate the the LTM level (Client Authentication / Client Certificate = require for ex), the user without a certificate will get a TCP-reset.
Alex