Forum Discussion
Stanley_87566
Sep 06, 2012 · Nimbostratus
iRule for certificate injection into the HTTP header
I tried the iRule below according to the McAfee KB for their MDM solution, but it does not seem to work. Is there any sample of the VS and pool config? How do I configure the F5 to "request a certificate"? Is it only assi...
Kevin_Stewart
Sep 06, 2012 · Employee
At a minimum you need a client SSL profile applied to the VIP with the following characteristics:
* Certificate - the server SSL certificate
* Key - the server SSL key
* Client Authentication Client Certificate - set to ignore
* Client Authentication Trusted Certificate Authorities - set to the CA certificate (or chain) that can validate the client's certificate
* Client Authentication Advertised Certificate Authorities - set to the CA certificate (or chain) to customize the browser's certificate choices
The above iRule could be simplified greatly if you just set the client SSL profile's Client Authentication Client Certificate to Request or Require. The profile now controls the request for the client certificate and your iRule can look like this:
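    when HTTP_REQUEST {
        # Drop any client-supplied copy so the pool member only sees the value set here
        HTTP::header remove X-Client-Cert
        # Forward the client certificate (DER, base64-encoded) to the pool member
        HTTP::header insert X-Client-Cert [b64encode [SSL::cert 0]]
    }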
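An added example, not part of the original reply or of the McAfee KB: with the profile set to Request, the BIG-IP completes the handshake even when the client sends no certificate or one that fails validation, so this variant forwards the header only for a certificate that verified. The logging choices and the decision to pass unverified requests on without the header are assumptions; a deployment may prefer to reject them.

```tcl
when HTTP_REQUEST {
    # Remove any X-Client-Cert sent by the client so the pool member only
    # ever sees a value written by the BIG-IP.
    HTTP::header remove X-Client-Cert

    if { [SSL::cert count] == 0 } {
        # Request mode: the handshake succeeded without a client certificate.
        log local0.info "No client certificate from [IP::client_addr]"
        return
    }

    # 0 means the certificate chained to the profile's trusted CAs.
    set result [SSL::verify_result]
    if { $result != 0 } {
        log local0.warning "Client certificate from [IP::client_addr] rejected: [X509::verify_cert_error_string $result]"
        return
    }

    # Verified certificate: forward it (DER, base64-encoded) to the pool member.
    HTTP::header insert X-Client-Cert [b64encode [SSL::cert 0]]
}
```

With the profile set to Require, the first two branches are never reached because the handshake itself fails without a valid certificate.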