Forum Discussion
Erich_Rockman_1
Jun 29, 2016Cirrus
Client Certificate Verification using Request
Hello. Wondering if there is an iRule equivalent of the "Client Certificate - Require" and "Trusted Certificate Authorities - Bundle" in the SSL Profile. I have a situation where I need to set the "C...
- Jun 30, 2016
I decided to go with something like this:
when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0} { set error_code [SSL::verify_result] set error_code_string [X509::verify_cert_error_string [SSL::verify_result]]
log local0. "error_code = $error_code" log local0. "error_code_string = $error_code_string" if { $error_code ne 0 } { reject return } }
}
Erich_Rockman_1
Jun 30, 2016Cirrus
I decided to go with something like this:
when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0} { set error_code [SSL::verify_result] set error_code_string [X509::verify_cert_error_string [SSL::verify_result]]
log local0. "error_code = $error_code"
log local0. "error_code_string = $error_code_string"
if { $error_code ne 0 } {
reject
return
}
}
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects