Forum Discussion

ramon2501_75161's avatar
Icon for Nimbostratus rankNimbostratus
Apr 01, 2012

Custom Error Page for Revoked SSL Client Certificates

Hi everyone,



Is it possible to show an customized error page on the client's browser if he tries to connect with a client certificate that was found to be revoked? The default behavior seems to be that the SSL connection just fails, and therefore the client's browser just shows its own error screen.




Initially, I tried the following:


1) HTTP:respond from CLIENTSSL_CLIENTCERT event --> not allowed by iRule


2) HTTP:respond from AUTH_RESULT event (using CRLDP) --> page does not show, probably because the handshake was never completed (?)




Many thanks in advance!






1 Reply

  • Ramon



    I hit the same issue when attempting to do a similar piece of functionality around SSL certificates.



    The trick was to change the 'peer_cert_mode' SSL mode from require to request.



    I've got an example iRule here: