Forum Discussion

Manuel_'s avatar
Manuel_
Icon for Altocumulus rankAltocumulus
Oct 19, 2022

C3D first request problem

Hi all, We have an application that has a login button and when you press it you can login with a certificate. This is working perfectly fine. We have put in front of the app a virtual server with ...
C3D
Security
  • Manuel_'s avatar
    Manuel_
    Oct 20, 2022

    With the iRule like this the error does not occur:

    when CLIENTSSL_HANDSHAKE {
  if { [SSL::cert count] != 0 } {
    HTTP::release
  }
}

when HTTP_REQUEST {
    # Some tests to determine if IS_LOGIN_PAGE
    if { IS_LOGIN_PAGE }{
        HTTP::collect
        SSL::session invalidate
        SSL::authenticate always
        SSL::authenticate depth 9
        SSL::cert mode request
        SSL::renegotiate
    }
}

    The only problem I've seen happens if the user cancels the select certificate dialog in the browser but that doesn't worry us a lot.

  • Manuel_'s avatar
    Manuel_
    Icon for Altocumulus rankAltocumulus
    Oct 20, 2022

    Thanks for the link.

    I have tried tcpdump between the browser and F5 simultaneosly with another tcpdump between the F5 and the final server and what happens is the first time F5 sends a TCP Certificate Request to the browser and the user selects the certificate to log in no certificate arrives to F5 but then the browser refreshes itself, and without the user doing nothing, the certificate that he had selected before arrives to F5 and then is logged in the app correctly.