Forum Discussion
Joel_Moses
Apr 05, 2011Nimbostratus
Hoolio's right. No way around this until RFC-5746 support, unless you want to collect the client certificate as part of the initial SSL transaction (no more asking for cert only for certain URIs, then).
The only other way I can see around this in the meantime is to set up another VIP/hostname with the clientSSL profile set to "require" the client certficate, and redirect users who migrate to the /certauth.jsp URI to the new VIP/hostname. You can then modify the iRule to remove URI detection and renegotiation and just set the WL-header values. If you want to get really fancy, you could do this just for Firefox 4 users via User-Agent.