Forum Discussion
Kevin_K_51432
Apr 03, 2018Historic F5 Account
Greetings,
"we want to restrict the connections by having the actual client certificate to be trusted ,not with the root and intermediate."
The signing certificates (root / intermediate) are used only to verify other (client) certificates. By associating the signing certificates in the profile, you are trusting them and the certificates they sign.
"we did try adding a client certificate to the LB and remove the root and intermediate from the LB trust, but it never worked. not sure whether this can be implemented or not."
If you want to limit the connections to the signed client certificate, ensure the LTM Client SSL profile Client Authentication > Client Certificate option is set to "Required".
Hope this is helpful!
Kevin