For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

William_Them_99's avatar
William_Them_99
Icon for Nimbostratus rankNimbostratus
Jul 20, 2005

Client Certificates at the Backend?

We have successfully configured the BIGIP device to require client certificates - it accepts the certs and passes the traffic through. Now, we need to be able to read and manipulate the client cert a...
application delivery
dev
devops
iRules
rapmaster_c_127's avatar
rapmaster_c_127
Historic F5 Account
Jul 20, 2005
Try this on a virtual server with an attached SSL and HTTP profile:


rule foo {
   when HTTP_REQUEST {
        if {[SSL::cert count] > 0} {
            HTTP::header replace SSLClientCert [b64encode [SSL::cert 0]]
        }
    }
}

This BASE64-encodes the client certificate, if any, into an HTTP header called "SSLClientCert", replacing it if the client already has a header by that name. You'd need to BASE64-decode it on the back-end, and then you'd have the original certificate again.

Let us know if this works for you.