Forum Discussion
CREDCO_17916
Nimbostratus
Apr 07, 2008
HTTPS URI re-direct and client certs
Hi,
I'm trying to create an iRule that parses a URI and sends the request to 1 of 2 pools based on the URI. Very straightforward. The first URI listed below requires a Client Cert. The s...
CREDCO_17916
Nimbostratus
Apr 08, 2008
Thanks for the info. Since only one of my URIs requires a CC, it seems like I'll need to:
1. Check URI to see if it's the one that requires a CC
2. If it is the URI that requires a CC, pull the SSL info out of the cert and insert it into the HTTP header, and send it to POOLA
3. If it's not a URI that requires a CC, send the request directly to POOLB without doing anything with SSL
I'm a total iRule rookie, so please bear with me. Here's my first stab at combining the 2 examples you sent me:
when CLIENTSSL_CLIENTCERT {
    # set time to maintain session data (in seconds)
    set session_timeout 300
    set ssl_stuff [list anything1 anything2]
    set ssl_cert [SSL::cert 0]
    set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
    lset ssl_stuff 0 $ssl_cert
    lset ssl_stuff 1 $ssl_errstr
    session add ssl [SSL::sessionid] $ssl_stuff $session_timeout
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/companyA" } {
        set ssl_stuff2 [session lookup ssl [SSL::sessionid]]
        set ssl_cert2 [lindex $ssl_stuff2 0]
        set ssl_errstr2 [lindex $ssl_stuff2 1]
        if { $ssl_errstr2 eq "ok" } {
            HTTP::header insert SSLClientCertStatus $ssl_errstr2
            HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]
            pool POOLA
        } else {
            # send HTTP 302 redirect to an error page
            HTTP::redirect "http://192.168.0.64/error.html"
        }
    } else {
        pool POOLB
    }
}
Am I even close?
Thank you
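
A variant of the iRule in the post above that also removes any client-supplied copies of the two certificate headers before inserting its own, so the pool members only ever see values set by the BIG-IP. This is an added example, not part of the original post; it reuses the post's pool names, header names, timeout and error URL, and assumes the servers in POOLA and POOLB may act on those headers.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Fires only when the client sends a certificate during the handshake.
    # Store the certificate and its verification result, keyed by SSL session ID.
    set ssl_stuff [list [SSL::cert 0] \
        [X509::verify_cert_error_string [SSL::verify_result]]]
    session add ssl [SSL::sessionid] $ssl_stuff 300
}

when HTTP_REQUEST {
    # Strip these headers from every inbound request, whichever pool it goes to.
    # Without this, a client could send its own SSLClientCertSN value and the
    # server would have no way to tell it from one inserted by this iRule.
    HTTP::header remove SSLClientCertStatus
    HTTP::header remove SSLClientCertSN

    if { [HTTP::uri] starts_with "/companyA" } {
        set ssl_stuff2 [session lookup ssl [SSL::sessionid]]

        # An empty lookup means no certificate was stored for this SSL session,
        # so treat it the same as a failed verification.
        if { $ssl_stuff2 ne "" && [lindex $ssl_stuff2 1] eq "ok" } {
            HTTP::header insert SSLClientCertStatus "ok"
            HTTP::header insert SSLClientCertSN \
                [X509::serial_number [lindex $ssl_stuff2 0]]
            pool POOLA
        } else {
            # No valid certificate for the protected URI: redirect to the error page.
            HTTP::redirect "http://192.168.0.64/error.html"
        }
    } else {
        pool POOLB
    }
}
```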