We have SSL termination on our ACE module which has been working for a while for a specific URL/VIP. Recently we were given a certificate from the developers and asked to install it onto the ACE so that SSL client certificate authentication can take place so only certain users can access the site. We imported the certificate, created the authgroup, and referenced the newly installed client cert. They tested and state its not working. they are stating our ACE is not configured properly. As this is the first client scenario we have, I want to be sure that they are not right. Here is our config pertaining to this connection:
loadbalance vip inservice
loadbalance policy WEBSERVER_SSL
loadbalance vip icmp-reply active
ssl-proxy server WEBSERVER_CERT
ssl-proxy service WEBSERVER_CERT
crypto authgroup CLIENT_CERT_INFO
I am familiar with generating the keypair and installing certs and keys for SSL termination, but not sure what cert/key/etc...needs to be copied onto the ACE for client authentication, is this something they generate and provide me?
Any info is greatly appreciated.