How to read "Trusted Certificate Authorities" in an iRule?
Hello,
I need to make an iRule that reads a list of certificates, as is done in the SSL Client Profile in Trusted Certificate Authorities.
Something like this: https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html
But without validating on a datagroup DN, issuers, or other certificate specifics.
The logic I need is this:
If the URI contains "/auth" then the client certificate is validated. Anything else is not validated.
I tried to use the following parameters in the iRule, but it fails in case I have to read a list or datagroup, and I need to read any data from the client certificate that is valid in a "CA-Bundle".
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/auth/" } {
        set protected 1
        log local0. "Protected URI requested: [HTTP::uri]"
        set collected 1
        # Hold the request while the client certificate is requested
        HTTP::collect
        SSL::authenticate always
        SSL::authenticate depth 9
        SSL::cert mode require
        SSL::renegotiate
    }
}
I can't disable "SSL::cert mode require" for everything that isn't "/auth".
Can someone please help me?
This kind of thing is so simple in NGINX code, but in BIG-IP I'm struggling to do it.
Thanks!
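One way to get the per-URI behaviour described in the post, as an added example that is not part of the original post or F5's own code: the iRule does not read the CA bundle itself, it only triggers a renegotiation for "/auth/" and lets the client SSL profile validate the certificate. It assumes the profile has Client Certificate set to "ignore" or "request", the CA bundle selected under Trusted Certificate Authorities, renegotiation enabled, and TLS 1.2 or lower (TLS 1.3 has no renegotiation); the variable name `held` is hypothetical.

```tcl
# Added example. Assumptions: client SSL profile with Client Certificate set to
# "ignore" or "request", a CA bundle under Trusted Certificate Authorities,
# renegotiation enabled, TLS 1.2 or lower. "held" is a hypothetical variable.

when CLIENT_ACCEPTED {
    # Per-connection flag: 1 while a request is held for a renegotiation
    set held 0
}

when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/auth/" } {
        if { [SSL::cert count] == 0 } {
            # No client certificate on this connection yet: hold the request
            # and renegotiate with a certificate required.
            set held 1
            log local0. "Protected URI requested: [HTTP::uri]"
            HTTP::collect
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
    # Any other URI falls through: no certificate is requested or required.
}

when CLIENTSSL_HANDSHAKE {
    # Fires for the initial handshake too, so act only on a held request
    if { $held } {
        set held 0
        if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
            # Certificate chain verified against the profile's trusted CAs
            HTTP::release
        } else {
            log local0. "Client certificate rejected: [X509::verify_cert_error_string [SSL::verify_result]]"
            reject
        }
    }
}
```

Once a certificate has been presented on a connection, `[SSL::cert count]` is non-zero, so later "/auth/" requests on the same connection skip the renegotiation.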