For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Prakash_Jayaram's avatar
Prakash_Jayaram
Icon for Nimbostratus rankNimbostratus
Sep 29, 2015

How to retrive ssl client certificate from HTTP header

I have a scenario where actual ssl client certficate is already inserted inside the HTTP header. How can I make the F5 to look inside the HTTPheader for actual ssl client certificate?  
application delivery
deployment
design
LTM
Prakash_Jayaram's avatar
Prakash_Jayaram
Icon for Nimbostratus rankNimbostratus
Sep 29, 2015

Hello Hannes Rapp,

 

Thanks for your answer. I am able to see the certificate in header. how to take this certificate out from the header and decrypt it. How can I proceed further using it like a normal SSL::cert 0, etc..Please suggest.

 

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Sep 29, 2015
    If you see the HTTP header, your traffic flow is already decrypted - you would not be able to access this information in case of encrypted traffic flow. This means your F5 offloads the SSL (completes the SSL handshake without authenticating the client). This header will not be used for traffic decryption at any point, but you can still use this information for client-authentication at the upper layer. Does this make sense? Based on your initial post, it seems like you want to create a client-authentication solution but you have the SSL client-certificate information in HTTP protocol information. Can you confirm this is what you're trying to acomplish or if there's a misunderstanding here?