Forum Discussion

Mountazar_Abou_
Dec 09, 2017

BIG-IP ASM Cannot find client credentials for WS Security

Dear sirs,

Kindly help with the following issue. We are configuring our BIG-IP ASM for WS Security. If we specify a client certificate that is self-signed, then things work fine. However, it doesn't work when the client certificate is not self-signed, i.e. when it is signed by either a well-known root CA or by a private key that we installed on the BIG-IP ASM.

The error obtained is: "Cannot find client credentials"

The BIG-IP ASM version is 12.1.2.

Does the ASM support a non-self-signed certificate for the web-service client in WS Security? If yes, please elaborate.

Thanks and regards,
Mountazar

 

6 Replies

  • Thanks, boneyard, for your answer.

     

    We tried to configure 3 types of values for the client certificate of SOAP WSS in F5-ASM:

     

    • A self-signed client certificate => It worked fine (when a request was received).
    • A certificate signed by the SOAP server private key => It did not work with "Cannot find client credentials" (when a request was received).
    • An intermediate certificate signed by a root CA => It did not work with "Cannot find client credentials" (when a request was received with a WS-Signature signed with a key whose certificate was signed by the configured intermediate).

    Would you please clarify what you meant by: "client certificates aren't signed by a key"? Regards,

     

  • Dear sirs,

     

    When the client certificate is self-signed, things work smoothly.

     

    However, when the client certificate is signed by the private key configured as the WSS Server Certificate on F5, then things stop working.

     

    In that case, when the SOAP request is received, the ASM rejects it with the below error:

     

    Failed Web Services Security: Verification Error: Cannot find Client credentials

     

    Has anyone tried this before?

     

  • Is this an implementation of LTM + ASM modules, or is this ASM standalone?

     

  • It is entirely possible that you are running into a known issue (ID 437076), but that cannot be verified with the information given. I would suggest that you use the self-signed certificate if that works for your environment. If not, then I would suggest that you open a support case to verify whether you are encountering this issue.