iRule for certificate injection into the HTTP header

I should mention that the most significant difference between your iRule and mine, aside from size, is that your iRule triggers an SSL re-negotiation to get the client certificate if the user attempts to access /Trust. If that's what you need then your iRule should work just fine and you'd want to set the Client Authentication to "ignore" in the client SSL profile.

 

 

Are you asking how to request all three, or some specific certificate from the devices? An SSL re/negotiation is only going to be able to request a single certificate. Which certificate you request depends entirely on the client application and the trusted certificate authorities and advertized certificate authorities properties of the client SSL profile.