We use SSL Client authentication and certificate is being stored in an http header using the following iRule:
when CLIENTSSL_CLIENTCERT {
set ssl_stuff [list cert cert_status]
set ssl_cert_status [X509::verify_cert_error_string [SSL::verify_result]]
lset ssl_stuff 0 [SSL::cert 0]
lset ssl_stuff 1 $ssl_cert_status
session add ssl [SSL::sessionid] $ssl_stuff 3600
}
when HTTP_REQUEST {
set ssl_stuff [session lookup ssl [SSL::sessionid]]
set the_cert [lindex $ssl_stuff 0]
set ssl_cert_status [lindex $ssl_stuff 1]
if { $ssl_cert_status eq "ok"}
{
if { $the_cert != ""}
{
HTTP::header insert SSLClientCert [ join [string trim [string map { "-----BEGIN CERTIFICATE-----" "" "-----END CERTIFICATE-----" ""} [X509::whole $the_cert ] ] ] "" ]
}
}
}
Thanks,
Bhargav