Forum Discussion

James_Ramsey_10
Oct 20, 2005

Certificate Required

I would like to create a public website, but require one of the company ssl certs to load the site. Does anyone have any examples on how to do this?

Here is an example.

I want to go to https://place.company.com. I want to check to make sure the user has the cert installed on his local machine and then load the site. If the user doesn't have the cert, I want to send him to a different UI.

Thanks for the help.

5 Replies

  • Colin_Walker_12
    Historic F5 Account
    Assuming you're the issuer of the cert, I think you'd want something like this:

    
    when HTTP_REQUEST {  
      if { [SSL::cert issuer] eq "your_company" } {  
        pool appropriate_ssl_pool
      } else {  
        HTTP::redirect "http://www.your-chosen-redirect-domain.com"
      }  
    }  

    Hope this helps,

    -Colin
  • This is what I have

    when HTTP_REQUEST {
      if { [SSL:Thawte Server CA:] eq "Thawte Server CA" } {
        pool secure.sitename.com
      } else {
        HTTP::redirect "http://www.your-chosen-redirect-domain.com"
      }
    }

    It gives the following error.

    01070151:3: Rule [_require_cert_sites] error:
    line 2: [undefined procedure: SSL:Thawte] [SSL:Thawte Server CA:]

  • Colin_Walker_12
    Historic F5 Account
    Well, first of all, the rule is a little off. Try this:

    
    when HTTP_REQUEST {
      if { [SSL::cert issuer] eq "Thawte Server CA" } {
        pool secure.sitename.com
      } else {
        HTTP::redirect "http://www.your-chosen-redirect-domain.com"
      }
    }

    Second, what information in the cert is it that you want to use to identify whether or not the client has the right cert installed?

    Thanks,

    -Colin
  • Here is what I am basically looking for.

    I have a site, it's called https://csr.sitename.com. This is a public site, but I only want users that have one of our certs installed to load the site.

    I thought I could create a rule to check to see if the browser has the cert, and if it does allow the user to see the site, and if not, send them elsewhere.

    Here is what I have from your last post.

    when HTTP_REQUEST {
      if { [SSL::cert issuer] eq "Thawte Server CA" } {
        pool secure.sitename.com
      } else {
        HTTP::redirect "http://www.yahoo.com" }
    }

    I receive the following error.

    01070151:3: Rule [_require_cert_sites] error:
    line 2: [wrong args] [SSL::cert issuer]
  • I am not sure what part of the certificate I should look for. I got the rule to work with no errors, but the site will not load with the cert installed. Any other ideas?
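
Added example (not posted by anyone in this thread and not F5's own code): one way to write the issuer check so that it avoids the `wrong args` error above, since `SSL::cert` takes a certificate index and the issuer is read from that certificate with `X509::issuer`. It assumes the virtual server's client SSL profile is configured to request a client certificate; the pool name and redirect URL are the ones used in the thread.

```tcl
when HTTP_REQUEST {
  # Assumption: the client SSL profile on this virtual server requests a
  # client certificate. If it does not, the browser never offers one and
  # the count below is always 0.
  if { [SSL::cert count] == 0 } {
    # No client certificate was presented during the handshake.
    HTTP::redirect "http://www.your-chosen-redirect-domain.com"
    return
  }

  # SSL::cert takes an index; 0 is the client's own (leaf) certificate.
  set client_cert [SSL::cert 0]

  # X509::issuer returns the full issuer distinguished name, so match on a
  # substring instead of comparing the whole string with eq.
  set issuer [X509::issuer $client_cert]

  if { $issuer contains "Thawte Server CA" } {
    pool secure.sitename.com
  } else {
    HTTP::redirect "http://www.your-chosen-redirect-domain.com"
  }
}
```

The issuer string only says which CA signed the certificate, not which company it was issued to, and whether the chain is actually validated depends on the client SSL profile's trusted CA settings rather than on this rule.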