Forum Discussion
Ted_51200
Nimbostratus
Apr 14, 2008
Client SSL Cert iRule
I am looking to request a client SSL cert only if a specific URL is requested, but ignore it if not.
My iRule:
when CLIENTSSL_CLIENTCERT {
set the_cert [SSL::...
Ted_51200
Nimbostratus
Apr 23, 2008
I'm now using the following iRule:
when CLIENTSSL_CLIENTCERT {
    log local0. "start CLIENTSSL_CLIENTCERT"
    set the_cert [SSL::cert 0]
    set pkiSubject [X509::subject $the_cert]
    set pkiIssuer [X509::issuer $the_cert]
    log local0. "end CLIENTSSL_CLIENTCERT"
}
when HTTP_REQUEST {
    log local0. "start HTTP_REQUEST, uri is [HTTP::uri]"
    if { [HTTP::uri] starts_with "/SLFCSSOCollector/ssl/" } {
        log local0. "URI /SLFCSSOCollector/ssl/ detected!"
        if { [SSL::cert count] == 0} {
            log local0. "no certificate found... force SSL"
            SSL::cert mode require
            SSL::renegotiate
            log local0. "end HTTP_REQUEST"
        } else {
            log local0. "certificate found!"
            set the_cert [SSL::cert 0]
            set pkiSubject [X509::subject $the_cert]
            set pkiIssuer [X509::issuer $the_cert]
            HTTP::header insert CLIENTSSL_Status [SSL::verify_result]
            HTTP::header insert CLIENTSSL_StatusString [X509::verify_cert_error_string [SSL::verify_result]]
            HTTP::header insert CLIENTSSL_CN $pkiSubject
            HTTP::header insert CLIENTSSL_SSLIssuer $pkiIssuer
            HTTP::header insert CLIENTSSL_SSLClientCertSN [X509::serial_number $the_cert]
            HTTP::header insert CLIENTSSL_Cert [b64encode $the_cert]
        }
    }
}
I am still having the info not come across in the first header; I have to hit F5 (refresh), and then afterwards the headers show up... Here are my logs:
12:28:31 EDT 2008 Rule sslheader : start HTTP_REQUEST, uri is /SLFCSSOCollector/ssl/headers.asp
12:28:31 EDT 2008 Rule sslheader : URI /SLFCSSOCollector/ssl/ detected!
12:28:31 EDT 2008 Rule sslheader : no certificate found... force SSL
12:28:31 EDT 2008 Rule sslheader : end HTTP_REQUEST
12:28:33 EDT 2008 Rule sslheader : start HTTP_REQUEST, uri is /SLFCSSOCollector/ssl/headers.asp
12:28:33 EDT 2008 Rule sslheader : URI /SLFCSSOCollector/ssl/ detected!
12:28:33 EDT 2008 Rule sslheader : no certificate found... force SSL
12:28:33 EDT 2008 Rule sslheader : end HTTP_REQUEST
12:28:33 EDT 2008 Rule sslheader : start CLIENTSSL_CLIENTCERT
12:28:33 EDT 2008 Rule sslheader : end CLIENTSSL_CLIENTCERT
12:28:35 EDT 2008 Rule sslheader : start HTTP_REQUEST, uri is /SLFCSSOCollector/ssl/headers.asp
12:28:35 EDT 2008 Rule sslheader : URI /SLFCSSOCollector/ssl/ detected!
12:28:35 EDT 2008 Rule sslheader : certificate found!
12:28:37 EDT 2008 Rule sslheader : start HTTP_REQUEST, uri is /SLFCSSOCollector/ssl/headers.asp
12:28:37 EDT 2008 Rule sslheader : URI /SLFCSSOCollector/ssl/ detected!
12:28:37 EDT 2008 Rule sslheader : no certificate found... force SSL
12:28:37 EDT 2008 Rule sslheader : end HTTP_REQUEST
12:28:52 EDT 2008 Rule sslheader : start HTTP_REQUEST, uri is /SLFCSSOCollector/ssl/headers.asp
12:28:52 EDT 2008 Rule sslheader : URI /SLFCSSOCollector/ssl/ detected!
12:28:52 EDT 2008 Rule sslheader : no certificate found... force SSL
12:28:52 EDT 2008 Rule sslheader : end HTTP_REQUEST
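The logs above show each request being forwarded before the renegotiated handshake has produced a certificate. The rule below is an added example, not part of the original post: it holds the request with `HTTP::collect` until the handshake finishes, and strips client-supplied copies of the `CLIENTSSL_*` headers so the backend cannot be fed spoofed values. It assumes the client SSL profile does not request a certificate by default and a TMOS version that allows `HTTP::header` in `HTTP_REQUEST_SEND`; the variables `protected` and `held` are hypothetical names.

```tcl
# Added example (not the poster's rule). Assumed: client SSL profile leaves
# client certificates unrequested; HTTP::header is valid in HTTP_REQUEST_SEND.
when HTTP_REQUEST {
    # Remove client-supplied copies so the backend only sees values set here.
    foreach h {CLIENTSSL_Status CLIENTSSL_StatusString CLIENTSSL_CN
               CLIENTSSL_SSLIssuer CLIENTSSL_SSLClientCertSN CLIENTSSL_Cert} {
        HTTP::header remove $h
    }
    set protected 0
    set held 0
    if { [HTTP::uri] starts_with "/SLFCSSOCollector/ssl/" } {
        set protected 1
        if { [SSL::cert count] == 0 } {
            # Hold this request until the renegotiated handshake completes;
            # otherwise it is forwarded before any certificate exists.
            set held 1
            HTTP::collect
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_HANDSHAKE {
    # Also fires for the initial handshake, before HTTP_REQUEST has set $held.
    if { [info exists held] && $held } {
        set held 0
        HTTP::release
    }
}

when HTTP_REQUEST_SEND {
    # Runs just before the request goes to the pool member, after any release.
    clientside {
        if { $protected && [SSL::cert count] > 0 } {
            set the_cert [SSL::cert 0]
            HTTP::header insert CLIENTSSL_Status [SSL::verify_result]
            HTTP::header insert CLIENTSSL_StatusString [X509::verify_cert_error_string [SSL::verify_result]]
            HTTP::header insert CLIENTSSL_CN [X509::subject $the_cert]
            HTTP::header insert CLIENTSSL_SSLIssuer [X509::issuer $the_cert]
            HTTP::header insert CLIENTSSL_SSLClientCertSN [X509::serial_number $the_cert]
            HTTP::header insert CLIENTSSL_Cert [b64encode $the_cert]
        }
    }
}
```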