Forum Discussion
Andy_McGrath
Aug 30, 2019Cumulonimbus
Take it you want the client certificate data inserted as HTTP headers?
The following does this generally, you will need to pick the parts you want from the iRule X509 options:
when CLIENTSSL_CLIENTCERT priority 100 {
if {[SSL::cert count] > 0} {
set clientCert [X509::whole [SSL::cert 0]]
set clientCertSubject [X509::subject [SSL::cert 0]]
foreach field [ split $clientCertSubject ","] {
if {$field starts_with "CN="} {
set clientCommonName [getfield $field "=" 2]
}
}
}
}
when HTTP_REQUEST {
if {(info exists clientCert) && ($clientCert ne "") } {
HTTP::header insert X-Client-Cert $clientCert
}
if {(info exists clientCommonName) && ($clientCommonName ne "") } {
HTTP::header insert X-Client-CN $clientCommonName
}
}