Forum Discussion
Ted_51200
Nimbostratus
Apr 14, 2008
Client SSL Cert iRule
I am looking to request a client SSL cert only if a specific URL is requested, but ignore it if not.
My Irule
when CLIENTSSL_CLIENTCERT {
set the_cert [SSL::...
Ted_51200
Nimbostratus
Apr 23, 2008
I now have a working iRule, but it only sends the SSL headers/info on refresh... Does anyone have any idea why, or how to correct it?
Irule:
when CLIENTSSL_CLIENTCERT {
    log local0. "start CLIENTSSL_CLIENTCERT"
    set the_cert [SSL::cert 0]
    set pkiSubject [X509::subject $the_cert]
    set pkiIssuer [X509::issuer $the_cert]
    HTTP::release
    log local0. "end CLIENTSSL_CLIENTCERT"
}
when HTTP_REQUEST_SEND {
    clientside {
        log local0. "start HTTP_REQUEST_SEND"
        if { [SSL::cert count] > 0} {
            set the_cert [SSL::cert 0]
            set pkiSubject [X509::subject $the_cert]
            set pkiIssuer [X509::issuer $the_cert]
            HTTP::header replace CLIENTSSL_Status [SSL::verify_result]
            HTTP::header replace CLIENTSSL_StatusString [X509::verify_cert_error_string [SSL::verify_result]]
            HTTP::header replace CLIENTSSL_CN $pkiSubject
            HTTP::header replace CLIENTSSL_SSLIssuer $pkiIssuer
            HTTP::header replace CLIENTSSL_SSLClientCertSN [X509::serial_number $the_cert]
            HTTP::header replace CLIENTSSL_Cert [b64encode $the_cert]
            log local0. "end HTTP_REQUEST_SEND"
        }
    }
}
when HTTP_REQUEST {
    log local0. "start HTTP_REQUEST"
    if { [HTTP::uri] starts_with "/SLFCSSOCollector/ssl/" } {
        if { [SSL::cert count] == 0} {
            SSL::cert mode require
            SSL::renegotiate
            log local0. "end HTTP_REQUEST"
        }
    }
}
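Added example, not part of the original post and not F5's own code: a commonly used pattern for URI-triggered client-certificate renegotiation holds the request with HTTP::collect before SSL::renegotiate and releases it in CLIENTSSL_HANDSHAKE, so the certificate headers can be set on the first request to the protected path. The names reneg_pending and cert_headers are assumptions, and the rule also removes any CLIENTSSL_* headers sent by the client so the back end only sees values set by the BIG-IP.

```tcl
when CLIENT_ACCEPTED {
    # Hypothetical flag: 1 while a request is held for renegotiation.
    set reneg_pending 0
    # Header names taken from the rule posted above.
    set cert_headers {CLIENTSSL_Status CLIENTSSL_StatusString CLIENTSSL_CN
        CLIENTSSL_SSLIssuer CLIENTSSL_SSLClientCertSN CLIENTSSL_Cert}
}
when HTTP_REQUEST {
    # Drop certificate headers supplied by the client itself, on every
    # request, so they cannot be forged when no certificate was presented.
    foreach h $cert_headers {
        HTTP::header remove $h
    }
    if { [HTTP::uri] starts_with "/SLFCSSOCollector/ssl/" } {
        if { [SSL::cert count] == 0 } {
            # Hold this request until the renegotiated handshake finishes.
            HTTP::collect
            set reneg_pending 1
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}
when CLIENTSSL_HANDSHAKE {
    # Fires after the initial handshake and after each renegotiation;
    # release only when HTTP_REQUEST actually held a request.
    if { $reneg_pending } {
        set reneg_pending 0
        HTTP::release
    }
}
when HTTP_REQUEST_SEND {
    clientside {
        if { [SSL::cert count] > 0 } {
            set the_cert [SSL::cert 0]
            HTTP::header replace CLIENTSSL_Status [SSL::verify_result]
            HTTP::header replace CLIENTSSL_StatusString [X509::verify_cert_error_string [SSL::verify_result]]
            HTTP::header replace CLIENTSSL_CN [X509::subject $the_cert]
            HTTP::header replace CLIENTSSL_SSLIssuer [X509::issuer $the_cert]
            HTTP::header replace CLIENTSSL_SSLClientCertSN [X509::serial_number $the_cert]
            HTTP::header replace CLIENTSSL_Cert [b64encode $the_cert]
        }
    }
}
```

The back end should still check CLIENTSSL_Status before trusting the subject, since the headers are forwarded whatever the verification result was.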