Forum Discussion

2019F5DevCentra's avatar
2019F5DevCentra
Icon for Cirrus rankCirrus
Dec 09, 2019
Solved

CLIENTSSL - iRule

CLIENTSSL - iRule   Is there a method to acquire Certificate Details Subject, Serial, and Hash Values without having to trigger the request in the Client SSL Profile?   CLIENTSSL_HANDSHAKE C...
devops
irules
2019F5DevCentra's avatar
2019F5DevCentra
Icon for Cirrus rankCirrus
Dec 10, 2019

If an application makes a request to the VIP to access the servers. Will the "Require" option force the machine to use it's certificate in it's cert store or will this just force to request it?

 

I am attempting to passively see what the client is passing if in fact it is passing a certificate.

jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Dec 11, 2019

A require is like - REQUIRED. Meaning it is needed. So its a force setting asking the client to provide the certificate. The certificate could be anything from his cert store. Often it will be his machine certificate. Or in case the client machine would have installed multiple other app related certificates too. Also to note, here the SSL does not estabishes unless the cert is provided.

 

Whereas the Request is like - making a REQUEST, if he gives, it logs. If he doesn't share, still it proceeds. Hope this helps.

 

If you think the issue is solved, feel free to mark the thread closed as solution provided.