F5 SSL VPN machine cert check rules

Question

Hi,&nbsp;We're migrating to a new MS PKI and were wondering how the F5 SSL VPN client handles multiple local machine certs. Is there any overview of what the rules are in this case when not using any of the issuer, serial number, ... filtering? For example:&nbsp;When 2 valid machine certs are available which one gets picked?When 2 machine certs are available but one is expired does the expired one get picked or will the client ignore it?

boneyard · Answer

the second question was a bug, but is solved now:

https://support.f5.com/csp/article/K56006335

as for which one is picked if both are valid i can't find an answer on. i kinda assume the first the client picks, but on what ground ... ask f5 support is probably most sure way.

Forum Discussion

F5 SSL VPN machine cert check rules

1 Reply

Recent Discussions

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Related Content

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

Migration F5-DNS-VM from a Virtual Machine to other Virtual Machine

Ubuntu Virtual Machine for NGINX Microservices March 2022 Labs

Session persistence based on http header for machine to machine calls

Check a Virtual Server's SSL Status