Mutual SSL not working as intended?
I have a vip I'm working on. It had 1-way SSL offloading enabled on it, and I enabled 2-way SSL by creating a Client CA file with 2 domains, tuv.com and xyz.com, along with their respective CA certs, and enabling the file on the client-ssl profile, along with the settings authenticate always and peer-cert-mode required.
Now the customer is coming back to me saying it's not exactly working as intended. If he does a curl to the vip, and he supplies cert abc.com, cacert bundle and key, he's getting through.
Something like this:
curl --cert abc_com.crt:<password> --key abc_com.key --cacert abc_com-INT.crt https://myvip.com
Now my understanding is that with mutual SSL, only clients with the certs of tuv.com and xyz.com should be allowed to access the vip. I asked the customer to use openssl s_client to connect to the vip with the credentials for abc.com, but I'm having a hard time trying to tell whether it was or wasn't from the output.
Does anyone know of anything that can explain this behavior?