Forum Discussion
jermc777_185784
Nimbostratus
NimbostratusClient Authentication - Trusted Certificate Authority
My website requires user authentication with user name and password. Example, www.mysiteABC.com. I want to allow users to access this as they normally do but if they were to go to www.mysiteABC.com...
Amit_KarnikNimbostratus
NimbostratusOk you can definitely do what you are describing now. Setup your clientssl profile to "Request" instead of "Require" a client certificate.
This way the SSL handshake is successful for both end users which presented a certificate and those who did not.
In the CLIENTSSL_HANDSHAKE event, check if a certificate was presented and it matched any of your policies. Based on those checks setup a flag.
Now you can use the flag in the HTTP_REQUEST event to either provide access or redirect to an info page which tells users what they need.
Best.
