Forum Discussion
Banny_Lau_10257
Nimbostratus
NimbostratusAny Solution
I am sorry that I am newbie for writing IP rule and configuring BIGIPv9.1. Could anyone help me the following:
Could you have any solution about configuring SSL Client Au...
Banny_Lau_10257Nimbostratus
Nimbostratus
I would like to build SSL Client authentication in one of jsp or html pages. I set up a test environment with a welcome page of apache. whenever I click the link of https:///manual/ or type the url. The dialog box of Client Authentication (ici-appl-wo-client Profile) can be displayed. After the client authentication finish, the header insertion has to do before it send to server with SSL Server Authentication. (SSL-Self Profile)
when CLIENT_ACCEPTED {
if { $::gotcert != 1 } {
set needcert 0;
set ::gotcert 0;
}
}
when CLIENTSSL_CLIENTCERT {
log LOCAL0.warn "cert count=[SSL::cert count] result=[SSL::verify_result]";
if { $::gotcert == 0 and ([SSL::cert count] != 0 or [SSL::verify_result] == 0) } {
log LOCAL0.warn "Good cert! ($needcert)"
set ::gotcert 1
set ::crt "[SSL::cert 0]"
log LOCAL0. "GOTCERT $::crt"
} else {
}
}
when HTTP_REQUEST {
set ::gotcert 0
log LOCAL0. "HTTP-RQ"
log LOCAL0. "[X509::subject $::crt]"
HTTP::header insert "CLIENT_IP" [IP::client_addr]
HTTP::header insert "SSL_CLIENT_M_SERIAL" [X509::serial_number $::crt];
HTTP::header insert "SSL_CLIENT_I_DN" [SSL::cert issuer 0];
HTTP::header insert "SSL_CLIENT_S_DN" [X509::subject $::crt];
HTTP::header insert "SSL_CLIENT_I_DN_x509" [X509::issuer $::crt];
HTTP::header insert "SSL_CLIENT_CERT" [X509::whole $::crt];
}
