chris_nelson_11
Oct 04, 2011Nimbostratus
client cert format(s)
long time lurker, first time poster (ish),
anyway, down to business: what client cert format should I be using to authenticate an interactive browser SSL session?
I've been busy labbing thi...
nitass
Oct 10, 2011Employee
this is mine.
[root@iris:Active] tmp b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.17.33:https
ip protocol tcp
profiles {
myclientssl {
clientside
}
tcp {}
}
}
[root@iris:Active] tmp b pool foo list
pool foo {
members 10.10.70.110:http {}
}
[root@iris:Active] tmp b profile myclientssl list
profile clientssl myclientssl {
defaults from clientssl
ca file "myca.crt"
client cert ca "myca.crt"
peer cert mode require
}
[root@iris:Active] tmp perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout -subject -issuer");
> print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' /config/ssl/ssl.crt/myca.crt
---
subject= /C=us/ST=wa/L=seattle/O=f5net/OU=ps/CN=ca.f5net.com
issuer= /C=us/ST=wa/L=seattle/O=f5net/OU=ps/CN=ca.f5net.com
[root@iris:Active] tmp perl -n0777e 'map { print "---\n"; open(CMD, "| openssl x509 -noout -subject -issuer");
print CMD; close(CMD) } /^-----BEGIN.*?^-----END.*?\n/gsm' /var/tmp/client.crt
---
subject= /C=us/ST=wa/L=seattle/O=f5net/OU=ps/CN=client.f5net.com
issuer= /C=us/ST=wa/L=seattle/O=f5net/OU=ps/CN=ca.f5net.com
[root@iris:Active] tmp curl -Ik https://172.28.17.33/
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[root@iris:Active] tmp curl -Ik https://172.28.17.33/ --cert /var/tmp/client.crt --key /var/tmp/client.key
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2011 05:48:50 GMT
Server: Apache/2.0.59 (rPath)
Last-Modified: Sat, 11 Jun 2011 00:31:47 GMT
ETag: "667a-67-cfb682c0"
Accept-Ranges: bytes
Content-Length: 103
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
[root@iris:Active] config tcpdump -nni 0.0 port 80 or port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
22:37:56.206922 IP 172.28.16.50.55779 > 172.28.17.33.443: S 1134784783:1134784783(0) win 5840
22:37:56.206975 IP 172.28.17.33.443 > 172.28.16.50.55779: S 336533231:336533231(0) ack 1134784784 win 4380
22:37:56.207366 IP 172.28.16.50.55779 > 172.28.17.33.443: . ack 1 win 46
22:37:56.231964 IP 172.28.16.50.55779 > 172.28.17.33.443: P 1:61(60) ack 1 win 46
22:37:56.232023 IP 172.28.17.33.443 > 172.28.16.50.55779: P 1:899(898) ack 61 win 4380
22:37:56.233346 IP 172.28.16.50.55779 > 172.28.17.33.443: . ack 899 win 60
22:37:56.258822 IP 172.28.16.50.55779 > 172.28.17.33.443: P 61:1487(1426) ack 899 win 60
22:37:56.260844 IP 10.10.72.30.55779 > 10.10.70.110.80: S 2770116511:2770116511(0) win 4380
22:37:56.260919 IP 172.28.17.33.443 > 172.28.16.50.55779: P 899:946(47) ack 1487 win 5866
22:37:56.261254 IP 10.10.70.110.80 > 10.10.72.30.55779: S 1949413990:1949413990(0) ack 2770116512 win 5792
22:37:56.261277 IP 10.10.72.30.55779 > 10.10.70.110.80: . ack 1 win 4380
22:37:56.262251 IP 172.28.16.50.55779 > 172.28.17.33.443: P 1487:1667(180) ack 946 win 60
22:37:56.262353 IP 10.10.72.30.55779 > 10.10.70.110.80: P 1:156(155) ack 1 win 4380
22:37:56.262589 IP 10.10.70.110.80 > 10.10.72.30.55779: . ack 156 win 1716
22:37:56.264550 IP 10.10.70.110.80 > 10.10.72.30.55779: P 1:266(265) ack 156 win 1716
22:37:56.264913 IP 172.28.17.33.443 > 172.28.16.50.55779: P 946:1236(290) ack 1667 win 6046
22:37:56.266389 IP 172.28.16.50.55779 > 172.28.17.33.443: P 1667:1694(27) ack 1236 win 74
22:37:56.266423 IP 10.10.72.30.55779 > 10.10.70.110.80: F 156:156(0) ack 266 win 4645
22:37:56.266429 IP 172.28.17.33.443 > 172.28.16.50.55779: F 1236:1236(0) ack 1694 win 6073
22:37:56.266738 IP 10.10.70.110.80 > 10.10.72.30.55779: F 266:266(0) ack 157 win 1716
22:37:56.266751 IP 10.10.72.30.55779 > 10.10.70.110.80: . ack 267 win 4645
22:37:56.268837 IP 172.28.16.50.55779 > 172.28.17.33.443: F 1694:1694(0) ack 1237 win 74
22:37:56.268884 IP 172.28.17.33.443 > 172.28.16.50.55779: . ack 1695 win 6073
23 packets captured
23 packets received by filter
0 packets dropped by kernel