F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

meverett_60507's avatar
meverett_60507
Icon for Nimbostratus rankNimbostratus
Sep 29, 2010

ClientSSL_ClientCert Event

All-     I have been working on an irule for client authentication that validates the CN field and inserts certain fields from the X.509 certificates in the HTTP headers. There are numberous ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 30, 2010
I remember a bug in some versions of 9.4.x where CLIENTSSL_CLIENTCERT wouldn't always fire. There was a hotfix for 9.4.x which corrected the issue in my testing. However, after upgrading to 10.1, I think the issue recurred.

 

 

Which LTM version are you running?

 

 

Maybe the difference you're seeing between the production and QA LTM's is due to the advertised CA bundle configured on the two? If the client doesn't have a client cert from any CA in the advertised CA bundle LTM sends, it won't prompt the user to select a client cert (or send one automatically). Or have I misunderstood your scenario?

 

 

Aaron