how to add client cert info to ocsp request

Sorry about the generic question... I will try to do better… I am trying to add the ssl cert fields as http headers to an ssl ocsp Irule that allows redirection. Below are the fields I would like to include:

 

 

HTTP::header insert SSLClientCertStatus $y

 

HTTP::header insert SSLClientCertValidFrom [X509::not_valid_before $y]

 

HTTP::header insert SSLClientCertValidUtil [X509::not_valid_after $y]

 

HTTP::header insert SSLClientCertSubject [X509::subject $y]

 

HTTP::header insert SSLClientCertIssuer [X509::issuer $y]

 

 

I am not really sure where I need to add lines to create the cert fields. The Irule usually breaks and states that the variable doesn't exist every time I try to add lines from other Irules that deal with SSL certs.

 

 

In addition, I would like to redirect all expired and revoked certs, but it seems like the Big IP checks its local date and resets the connection before it even reaches the Irule (please correct me if I am wrong on this). I would like to include an "HTTP::repond 301 content http://x.x.x.x" or "Http::redirect http://x.x.x.x" line to AUTH FAILURE, AUTH_WANTCREDENTIAL, and AUTH_ERROR, but it seems like it will not work. I noticed the previous Irule on another post and am trying to make the redirection function work. Please let me know if there is a simpler way of doing this.

 

 

Any help would be greatly appreciated.

 

 

Thank you,

 

Rob