Forum Discussion
Ted_51200
Nimbostratus
Apr 14, 2008
Client SSL Cert iRule
I am looking to request a client SSL cert to happen only if a specific URL is requested but ignore if not.
My Irule
when CLIENTSSL_CLIENTCERT {
set the_cert [SSL::...
Stephen_Archer_
Apr 15, 2008
Historic F5 Account
I've been trying to do a similar thing... and am also having problems. All I'm trying to do is to check a URI, and if it contains '/SecureURI', then perform client authentication, and if authorised (using the SOA_Trusted_Certs), forward to the secure pool using a serverSSL profile. If unauthorised, reject the connection.
If the URI does not contain '/SecureURI', then forward to the regular HTTP pool, and disable the serverSSL profile. When I test the iRule below, by trying to access the insecure site, it works, however when I try the secure URI, I get this error: "HTTP_REQUEST - cant read subject_dn: no such variable while executing matchclass $subject_dn contains $::SOA_Trusted_Certs"
Here is the iRule:
when RULE_INIT {
    set ::org "O=MyCompany"
}
when CLIENT_ACCEPTED {
    # Initialise the variable once per connection so HTTP_REQUEST never hits
    # "no such variable" when CLIENTSSL_CLIENTCERT has not fired
    set subject_dn ""
}
when CLIENTSSL_CLIENTCERT {
    # This event only fires if the client SSL profile requests (or requires) a certificate
    if { [SSL::cert count] > 0 } {
        set subject_dn [X509::subject [SSL::cert 0]]
        log "Client Certificate Received: $subject_dn"
    }
}
when HTTP_REQUEST {
    if { [HTTP::uri] contains "/SecureURI" } {
        pool secure_pool_443
        # An empty subject_dn means no certificate was presented on this connection
        if { ($subject_dn ne "") and ([matchclass $subject_dn contains $::SOA_Trusted_Certs]) and ($subject_dn contains $::org) } {
            log "Client Certificate Accepted: $subject_dn"
        } else {
            log "No Matching Client Certificate Was Found Using: $subject_dn"
            reject
        }
    } else {
        pool unsecure_pool_80
        SSL::disable serverside
    }
}
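Both posts are after the same thing: request a client certificate only when the protected URI is hit, and leave every other request alone. The error above comes from reading subject_dn in HTTP_REQUEST before any certificate exchange has happened, because the profile never asked for one. The iRule below is an added example, not code from either poster or from F5. It assumes the client SSL profile on the virtual server has client authentication set to "ignore" (so normal requests never get a certificate prompt), the pool and data-group names used in this thread (secure_pool_443, unsecure_pool_80, SOA_Trusted_Certs, all hypothetical here), and the v9-era matchclass syntax shown above. It holds the request with HTTP::collect, switches the connection to require a certificate, renegotiates, and only releases the request once the certificate has been validated.

```tcl
# Added example iRule (not the original poster's). Assumed names: pools
# secure_pool_443 / unsecure_pool_80 and data group SOA_Trusted_Certs, as in
# the thread. Assumes the client SSL profile starts with client auth "ignore".

when CLIENT_ACCEPTED {
    # Connection-scoped state; initialised so later events never read an unset variable
    set subject_dn ""
    set cert_ok 0
}

when HTTP_REQUEST {
    if { [HTTP::uri] contains "/SecureURI" } {
        pool secure_pool_443
        if { [SSL::cert count] == 0 } {
            # No certificate on this connection yet: park the request, demand a
            # certificate and renegotiate. CLIENTSSL_CLIENTCERT fires when the
            # client answers; the request is released there.
            HTTP::collect
            SSL::cert mode require
            SSL::renegotiate
        } elseif { !$cert_ok } {
            # A certificate was presented earlier on this keep-alive connection
            # but failed validation; do not let further requests through.
            reject
        }
    } else {
        # Unprotected path: plain HTTP pool, no server-side SSL
        pool unsecure_pool_80
        SSL::disable serverside
    }
}

when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert count] > 0 } {
        set subject_dn [X509::subject [SSL::cert 0]]
    }
    # verify_result is 0 only when the chain validated against the profile's
    # trusted CA bundle; the data-group check then restricts which subjects
    # are allowed at all.
    if { ([SSL::verify_result] == 0) and ([matchclass $subject_dn contains $::SOA_Trusted_Certs]) } {
        set cert_ok 1
        log local0. "Client Certificate Accepted: $subject_dn"
        HTTP::release
    } else {
        log local0. "Client certificate rejected: subject=$subject_dn verify_result=[SSL::verify_result]"
        reject
    }
}
```

Two points worth checking when deploying something like this: the profile must start in "ignore" mode, otherwise every handshake prompts for a certificate and the per-URI logic is moot; and the validation has to live in CLIENTSSL_CLIENTCERT, not in HTTP_REQUEST, because the parked request is not re-evaluated after the renegotiation completes.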
Kircos, what error do you see when the iRule is hit?