Custom Error Page for Revoked SSL Client Certificates

Question

Hi everyone,&nbsp;&nbsp;Is it possible to show an customized error page on the client's browser if he tries to connect with a client certificate that was found to be revoked? The default behavior seems to be that the SSL connection just fails, and therefore the client's browser just shows its own error screen.&nbsp;&nbsp;&nbsp;Initially, I tried the following:&nbsp;1) HTTP:respond from CLIENTSSL_CLIENTCERT event --&gt; not allowed by iRule&nbsp;2) HTTP:respond from AUTH_RESULT event (using CRLDP) --&gt; page does not show, probably because the handshake was never completed (?)&nbsp;&nbsp;&nbsp;Many thanks in advance!&nbsp;&nbsp;&nbsp;Ramon&nbsp;

gavinw_29074 · Answer

Ramon&nbsp;
&nbsp;I hit the same issue when attempting to do a similar piece of functionality around SSL certificates. &nbsp;
&nbsp;The trick was to change the 'peer_cert_mode' SSL mode from require to request. &nbsp;
&nbsp;I've got an example iRule here: https://devcentral.f5.com/wiki/iRules.Catch-SSL-Errors-and-return-a-friendly-page.ashx&nbsp;
&nbsp;HTH. &nbsp;
&nbsp;Gav&nbsp;

Forum Discussion

Custom Error Page for Revoked SSL Client Certificates

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Security Sidebar: My Browser Has No Idea Your Certificate Was Just Revoked

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS