Forum Discussion

Nimbostratus

Jul 20, 2005

Client Certificates at the Backend?

We have successfully configured the BIGIP device to require client certificates - it accepts the certs and passes the traffic through. Now, we need to be able to read and manipulate the client cert a...

Historic F5 Account

Jul 20, 2005

Try this on a virtual server with an attached SSL and HTTP profile:


rule foo {
   when HTTP_REQUEST {
        if {[SSL::cert count] > 0} {
            HTTP::header replace SSLClientCert [b64encode [SSL::cert 0]]
        }
    }
}

This BASE64-encodes the client certificate, if any, into an HTTP header called "SSLClientCert", replacing it if the client already has a header by that name. You'd need to BASE64-decode it on the back-end, and then you'd have the original certificate again.

Let us know if this works for you.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client Certificates at the Backend?

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Guide for exam 402 F5 Certified Solution Expert

Related Content

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

Thumbprint of the client ssl certificate

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

F5 Certified Administrator NGINX certification now available!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS