Forum Discussion

Banny_Lau_10257's avatar
Banny_Lau_10257
Icon for Nimbostratus rankNimbostratus
Jun 22, 2005

Any Solution

    I am sorry that I am newbie for writing IP rule and configuring BIGIPv9.1. Could anyone help me the following:     Could you have any solution about configuring SSL Client Au...
application delivery
dev
devops
iRules
Banny_Lau_10257's avatar
Banny_Lau_10257
Icon for Nimbostratus rankNimbostratus
Jun 26, 2005

 

 

I would like to build SSL Client authentication in one of jsp or html pages. I set up a test environment with a welcome page of apache. whenever I click the link of https:///manual/ or type the url. The dialog box of Client Authentication (ici-appl-wo-client Profile) can be displayed. After the client authentication finish, the header insertion has to do before it send to server with SSL Server Authentication. (SSL-Self Profile)

 

 

 

when CLIENT_ACCEPTED {

 

if { $::gotcert != 1 } {

 

set needcert 0;

 

set ::gotcert 0;

 

}

 

}

 

 

when CLIENTSSL_CLIENTCERT {

 

log LOCAL0.warn "cert count=[SSL::cert count] result=[SSL::verify_result]";

 

if { $::gotcert == 0 and ([SSL::cert count] != 0 or [SSL::verify_result] == 0) } {

 

log LOCAL0.warn "Good cert! ($needcert)"

 

set ::gotcert 1

 

set ::crt "[SSL::cert 0]"

 

log LOCAL0. "GOTCERT $::crt"

 

} else {

 

}

 

}

 

 

when HTTP_REQUEST {

 

set ::gotcert 0

 

log LOCAL0. "HTTP-RQ"

 

log LOCAL0. "[X509::subject $::crt]"

 

HTTP::header insert "CLIENT_IP" [IP::client_addr]

 

HTTP::header insert "SSL_CLIENT_M_SERIAL" [X509::serial_number $::crt];

 

HTTP::header insert "SSL_CLIENT_I_DN" [SSL::cert issuer 0];

 

HTTP::header insert "SSL_CLIENT_S_DN" [X509::subject $::crt];

 

HTTP::header insert "SSL_CLIENT_I_DN_x509" [X509::issuer $::crt];

 

HTTP::header insert "SSL_CLIENT_CERT" [X509::whole $::crt];

 

}