For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tidux_92112's avatar
Tidux_92112
Icon for Nimbostratus rankNimbostratus
Aug 09, 2005

How to insert certificate serial number and ssl verify result to http header both ?

As above, I want to deliver ssl cert serial number to http server behind BIG-IP, and redirect the users who has no cert to an error page at same time.     It looks like that if I use two "sessio...
application delivery
dev
devops
iRules
Robert_Decker_2's avatar
Robert_Decker_2
Icon for Nimbostratus rankNimbostratus
Jan 17, 2006
I was hoping somebody could help me out with this. I would like to send the same certificate information to our web servers. My main problem is that I receive a “page cannot be displayed” 400 bad request error with the following code:

 

 

when CLIENTSSL_CLIENTCERT {

 

set ssl_cert [SSL::cert 0]

 

set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]

 

set ssl_stuff [list $ssl_cert $ssl_errstr]

 

session add ssl [SSL::sessionid] $ssl_stuff 180

 

}

 

 

when HTTP_REQUEST {

 

set ssl_stuff2 [session lookup ssl [SSL::sessionid]]

 

set ssl_cert2 [lindex $ssl_stuff2 0]

 

set ssl_errstr2 [lindex $ssl_stuff2 1]

 

HTTP::header insert SSLClientCertStatus $ssl_errstr2

 

HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]

 

HTTP::header insert SSLClientCertValidFrom [X509::not_valid_before $ssl_cert2]

 

HTTP::header insert SSLClientCertValidUtil [X509::not_valid_after $ssl_cert2]

 

HTTP::header insert SSLClientCertSubject [X509::subject $ssl_cert2]

 

HTTP::header insert SSLClientCertIssuer [X509::issuer $ssl_cert2]

 

}

 

 

I can see the client certificate information while monitoring the server using ethereal, but can’t seem to get the web page to display properly.

 

 

Thank you for your help,

 

Rob