Forum Discussion

Erich_Rockman_1's avatar
Jun 29, 2016

Client Certificate Verification using Request

Hello. Wondering if there is an iRule equivalent of the "Client Certificate - Require" and "Trusted Certificate Authorities - Bundle" in the SSL Profile. I have a situation where I need to set the "C...
  • Erich_Rockman_1's avatar
    Jun 30, 2016

    I decided to go with something like this:

    when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0} { set error_code [SSL::verify_result] set error_code_string [X509::verify_cert_error_string [SSL::verify_result]]

        log local0. "error_code = $error_code" 
        log local0. "error_code_string = $error_code_string"
    
        if { $error_code ne 0 } {
            reject
            return
        }
    }
    

    }