HTTPS certificate fields into HTTP header

Well, two things,

• You're not getting to the server because the iRule is triggering a fatal error. This appears to be in the "session add ssl" statement. What version of BIG-IP are you running?

• Otherwise, in modern versions of BIG-IP, the client SSL profile has a setting called Retain Certificate which enables it to store the SSL certificate information over the life of the connection. The page you're referencing is super old and this wasn't an option back then. So with this setting enabled, you don't actually need to store the certificate information in the session table. It's accessible directly from the HTTP_REQUEST event.

  when HTTP_REQUEST {
      HTTP::header insert SSLClientCertStatus [X509::verify_cert_error_string [SSL::verify_result]]
      HTTP::header insert SSLClientCertSN [SSL::cert 0]
  }
  

I'd also recommend two things:

• That you use HTTP::header replace instead of "insert". If the user injects their own SSLClientCertStatus header, the insert option won't overwrite this, but replace will.
• The [SSL::cert 0] command returns the binary certificate, which is probably not what you want in an HTTP header. Perhaps it'd make more sense to send the PEM version of the cert with [X509::whole [SSL::cert 0]].