For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rob_Wismans_179's avatar
Rob_Wismans_179
Icon for Nimbostratus rankNimbostratus
Feb 22, 2018

Bypass Client Certificate authentication

Hello,   I have an existing working irule that handles client authentication.   The Client SSL Profile is set to request a client certificate.   My question: How to bypass this existing cli...
application delivery
iRules
LTM
Rob_Wismans_179's avatar
Rob_Wismans_179
Icon for Nimbostratus rankNimbostratus
Feb 22, 2018
when CLIENT_ACCEPTED {
    if { $static::debug == 2  } { log local0. "CIP: Client connected from [IP::client_addr]:[TCP::client_port]" }
}

when CLIENTSSL_CLIENTCERT {
    if { $static::debug == 2  } { 
         Check if client presented a cert after it was requested/required
        if { [SSL::cert count] > 0 } {
             Loop through each cert and log the cert subject, issuer and serial number
            for { set i 0 } { $i < [SSL::cert count] } { incr i } {
                log local0. "CIP: [IP::client_addr]:[TCP::client_port]: cert $i; subject=[X509::subject [SSL::cert $i]];\
                    [X509::issuer [SSL::cert $i]]; cert_serial=[X509::serial_number [SSL::cert $i]];"
            }
        } else {
            log local0. "CIP: [IP::client_addr]:[TCP::client_port]: No client cert found!"
        }
    }
}