Forum Discussion
Miguel_111028
Oct 23, 2008 Nimbostratus
Inserting SSL client certificate into the header of the HTTP session
Hello group,
I do not have much experience in creating iRules and I need to set an iRule to an https virtual server type with client certificate authentication. The iRule should do the...
hooleylist
Oct 24, 2008 Cirrostratus
There is a codeshare example which should work to insert the cert in a header:
http://devcentral.f5.com/wiki/default.aspx/iRules/InsertCertInServerHeaders.html
when CLIENTSSL_CLIENTCERT {
    # set time to maintain session data (in seconds)
    set session_timeout 7200
    # client certificate and the text form of the verification result
    set ssl_cert [SSL::cert 0]
    set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
    # store both in the session table, keyed by the SSL session ID
    set ssl_stuff [list $ssl_cert $ssl_errstr]
    session add ssl [SSL::sessionid] $ssl_stuff $session_timeout
}
when HTTP_REQUEST {
    # fetch what CLIENTSSL_CLIENTCERT stored for this SSL session
    set ssl_stuff2 [session lookup ssl [SSL::sessionid]]
    set ssl_cert2 [lindex $ssl_stuff2 0]
    set ssl_errstr2 [lindex $ssl_stuff2 1]
    if { $ssl_errstr2 eq "ok" } {
        HTTP::header insert SSLClientCertStatus $ssl_errstr2
        HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]
        HTTP::header insert SSLClientCertb64 [b64encode $ssl_cert2]
    } else {
        # send HTTP 302 redirect to an error page
        HTTP::redirect "http://192.168.0.64/error.html"
    }
}
You could enable the checkbox on the HTTP profile for X-Forwarded-For to insert this header. Or you could add it to the above rule:
HTTP::header insert X-Forwarded-For [IP::client_addr]
Aaron
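A hardened variant of the rule in the reply above, added here as an example and not part of the thread or the codeshare: it removes any copies of the certificate headers that arrived with the request before inserting its own, so the backend only ever sees values set by the BIG-IP, and it treats a missing session entry as a failure. The header names, timeout and error URL are taken from the rule above; stripping X-Forwarded-For assumes no trusted proxy sits in front of the BIG-IP.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Nothing to store if the client presented no certificate
    if { [SSL::cert count] == 0 } { return }
    set ssl_stuff [list [SSL::cert 0] \
        [X509::verify_cert_error_string [SSL::verify_result]]]
    # Keep the entry for 7200 seconds, as in the rule above
    session add ssl [SSL::sessionid] $ssl_stuff 7200
}
when HTTP_REQUEST {
    # Drop inbound copies first: HTTP::header insert adds a header and
    # does not replace one the client already sent.
    # X-Forwarded-For removal is an assumption (BIG-IP is the first hop).
    foreach name {SSLClientCertStatus SSLClientCertSN SSLClientCertb64 X-Forwarded-For} {
        HTTP::header remove $name
    }
    set ssl_stuff2 [session lookup ssl [SSL::sessionid]]
    # An expired or absent session entry returns an empty value, so
    # require both list elements and a verification result of "ok"
    if { [llength $ssl_stuff2] != 2 || [lindex $ssl_stuff2 1] ne "ok" } {
        HTTP::redirect "http://192.168.0.64/error.html"
        return
    }
    set ssl_cert2 [lindex $ssl_stuff2 0]
    HTTP::header insert SSLClientCertStatus "ok"
    HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]
    HTTP::header insert SSLClientCertb64 [b64encode $ssl_cert2]
    HTTP::header insert X-Forwarded-For [IP::client_addr]
}
```

The backend should accept these headers only on connections that come from the BIG-IP, since it has no other way to tell who set them.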