Examice

Exam 301b All QuestionsBrowse all questions from this exam

Question 173

-- Exhibit

-- Exhibit --

Refer to the exhibit.

An LTM Specialist creates a virtual server to load balance traffic to a pool of HTTPS servers. The servers use client certificates for user authentication. The virtual server has clientssl, serverssl, and http profiles enabled. Clients are unable to connect to the application through the virtual server, but they are able to connect to the application servers directly.

Which change to the LTM device configuration will resolve the problem?

Install the server certificate/key and enable Proxy SSL.

Use the serverssl-insecure-compatible serverssl profile.

Configure the clientssl profile to require a client certificate.

Install the client's issuing Certificate Authority certificate on the LTM device.

Correct Answer: D

The issue is that clients need to present certificates issued by a specific Certificate Authority to authenticate to the HTTPS servers. Since the LTM device is in between the clients and servers, it needs to trust the issuing CA of the client certificates. Therefore, installing the client's issuing Certificate Authority certificate on the LTM device will resolve the problem by allowing the LTM to validate the client certificates presented during the SSL handshake.

Discussion

GVKDOption: A

A - Correct