Forum Discussion
How to pass client cert to server for specific URI condition only via iRule
Hi All,
I need help with an iRule. The client wants to have the client cert at the server level for authentication for a specific URI only. I was able to send the client cert to the servers using the iRule below (got it from other posts) for all URI traffic, with peer-cert-mode set to request under the clientssl profile.
when CLIENTSSL_CLIENTCERT {
    # Cache the client certificate in the session table, keyed by SSL session ID
    set cur [SSL::sessionid]
    set ask [session lookup ssl $cur]
    if { $ask eq "" } {
        session add ssl [SSL::sessionid] [SSL::cert 0]
    }
}
when HTTP_REQUEST {
    # Look up the cached certificate and pass it to the server in a header
    set id [SSL::sessionid]
    set the_cert [session lookup ssl $id]
    if { $the_cert != "" } {
        HTTP::header insert x-client-cert [X509::whole $the_cert]
    }
}
But when I tried to add an if condition for a specific URI like below, the client noticed that the certificate is not passed to the server the first time, or at session creation. The certificate is passed to the server the second time and for as long as the session is valid.
when HTTP_REQUEST {
    # Look up the certificate cached for this SSL session
    set id [SSL::sessionid]
    set the_cert [session lookup ssl $id]
    # For the specific URI, request a client certificate and renegotiate
    if { [HTTP::uri] starts_with "/BCAPI/V2.0/" } {
        SSL::cert mode request
        SSL::renegotiate
    }
    if { $the_cert != "" } {
        HTTP::header insert x-client-cert [X509::whole $the_cert]
    }
}
Could you please help me fix this iRule issue so that client certs are sent to the server on the first call for the specific URI?
- swapna_p
Nimbostratus
Any help would be appreciated
- Charles_Lamb
Nimbostratus
Hi Swapna,
What happens when you try:
when HTTP_REQUEST {
    set id [SSL::sessionid]
    set the_cert [session lookup ssl $id]
    if { [HTTP::uri] starts_with "/BCAPI/V2.0/" } {
        if { $the_cert != "" } {
            HTTP::header insert x-client-cert [X509::whole $the_cert]
        }
    }
}
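One way to hold the first request for the protected URI until the renegotiated handshake has delivered the certificate, shown as an added example that is not code from this thread and has not been run on a BIG-IP. The variables `held` and `need_cert` are hypothetical names, and stripping any inbound `x-client-cert` header is an added hardening step so a client cannot supply its own copy of the header the server trusts.

```tcl
when CLIENT_ACCEPTED {
    # Per-connection flags (hypothetical names, not from the thread)
    set held 0
    set need_cert 0
}

when HTTP_REQUEST {
    # Drop any client-supplied copy of the header the backend relies on
    HTTP::header remove x-client-cert

    set need_cert 0
    if { [HTTP::uri] starts_with "/BCAPI/V2.0/" } {
        set need_cert 1
        if { [SSL::cert count] == 0 } {
            # No certificate on this connection yet: hold the request,
            # ask for a certificate, and renegotiate before it reaches the pool
            set held 1
            HTTP::collect
            SSL::cert mode request
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_HANDSHAKE {
    # Fires after the initial handshake and after a renegotiation;
    # only release a request that this iRule is holding
    if { $held } {
        set held 0
        HTTP::release
    }
}

when HTTP_REQUEST_SEND {
    # This event runs in the server-side context, so switch to the
    # client side to read the certificate and edit the request
    clientside {
        if { $need_cert && [SSL::cert count] > 0 } {
            HTTP::header insert x-client-cert [X509::whole [SSL::cert 0]]
        }
    }
}
```

Renegotiation has to be permitted for the connection for this to work, and TLS 1.3 has no renegotiation. With `request` mode a client may still present no certificate, so the server should reject requests to this path that arrive without the header.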