I have put client authentication to require.
I have the CA chain in trusted certificate authorities and a certificate and key in the certificate and key place. I exported both the certificate and key out of the F5, converted them to .pfx and put it in the client browser. All the CAs are also in the browser.
When I set client authentication to request, a green lock is shown in the browser, but when I set it to require, the handshake fails.
Please help me. I can give all the data anyone requires.
The idea is that there are two endpoint-certificates: one for the server, in this case the F5's client-ssl profile, and one for the client, in this case your browser. Both certificates should be signed by a CA, it doesn't have to be the same CA though.
You could theoretically use the same certificate for both, but that makes little sense.
The client-ssl profile allows you to configure a few things:
If the F5 says that the browser must (=>setting on require) send a certificate that was signed by a CA with common name 'TEST' (Advertised Certificate Authorities), but the browser doesn't have such a client certificate, it will simply fail to send and the F5 will abort the connection with a handshake failure message.
Does this answer your question?
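
One way to check the condition described in the answer above, as an added example that is not part of the original thread: the script builds a throwaway PKI with OpenSSL and tests whether a client certificate was issued by the advertised CA. The CA names (TEST, OTHER), client names (alice, bob) and function names are made up for this example, and it covers only a client certificate signed directly by the CA, with no intermediates.

```shell
#!/bin/sh
# Added example. CA names, client names and function names are constructed.
set -e

# make_ca <dir> <name>: self-signed CA certificate and key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client <dir> <ca name> <client name>: client certificate signed by that CA
make_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# issued_by <advertised CA cert> <client cert>
# True only if the client cert names the advertised CA as its issuer
# and its signature verifies against that CA.
issued_by() {
  ca_hash=$(openssl x509 -in "$1" -noout -subject_hash)
  issuer_hash=$(openssl x509 -in "$2" -noout -issuer_hash)
  [ "$ca_hash" = "$issuer_hash" ] && openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" TEST; make_ca "$d" OTHER
  make_client "$d" TEST alice; make_client "$d" OTHER bob
  for c in alice bob; do
    if issued_by "$d/TEST.pem" "$d/$c.pem"; then
      echo "$c: issued by advertised CA TEST, can be offered"
    else
      echo "$c: not issued by TEST, nothing to send, 'require' fails the handshake"
    fi
  done
  rm -rf "$d"
}
demo
```

Against a real setup, pass the CA certificate from the profile's Advertised Certificate Authorities and the certificate extracted from the browser's .pfx to `issued_by`.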