Greetings,
My configuration is far simpler than yours; I'll post it below. For me, the ssldump output wasn't very helpful. I used both the /var/log/httpd/httpd_errors and /var/log/secure logs to troubleshoot.
BIG-IP config:
list sys httpd
sys httpd {
    ssl-ca-cert-file /Common/bigip_ca
    ssl-ocsp-default-responder http://172.24.171.29:2345
    ssl-ocsp-enable on
    ssl-ocsp-override-responder on
    ssl-verify-client require
}
list auth cert-ldap
auth cert-ldap system-auth {
    bind-dn cn=admin,dc=ldap,dc=test,dc=net
    bind-pw $M$nq$CDOcADlm/Mkwy8MIU1/eLg==
    login-attribute uid
    login-filter "[a-z]{5}"
    login-name cn
    search-base-dn ou=People,dc=ldap,dc=test,dc=net
    servers { 172.24.171.2 }
    sso on
}
LDAP entry:
kevin, People, ldap.test.net
dn: uid=kevin,ou=People,dc=ldap,dc=test,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: kevin
cn: kevin
displayName: kevin
SSL certificate:
Subject: C=US, ST=Washington, L=Seattle, O=Example, OU=Example BIGIP Admins, CN=kevin
Hope this is helpful!
Kevin