iRule to compare Client Certificate with HTTP authentication

- I got many many errors, which tell me, that the "subject_dn" is empty, which I do not understand, because how can the iRule reach the "when HTTP_REQUEST" without a valid SSL client certificate presented, when the SSL profile is set to require the certificate??could it be 1200 seconds timeout?

 

 

Maybe anyone can point out some obvious errors or ways to do things more efficient (like the parsing of the cert subject).what version are you running? starting from 10.1.0, it is no longer needed to store client certificate in session table.

 

 

In BIG-IP versions prior to 10.1.0, it is necessary to store the client’s certificate in the session table because the SSL::cert iRule command returns information about the client’s certificate only during the TCP connection in which the certificate is actually presented. For example, if the client resumes an SSL session, the SSL::cert iRule command does not return any information.

 

 

Beginning in BIG-IP 10.1.0, the BIG-IP system automatically caches the client’s certificate along with the SSL session ID. Therefore, as of BIG-IP 10.1.0, it is no longer needed to store the client’s certificate in the session table.sol11479: If the session iRule command is used to add binary data to the session table, the data will be corrupted

 

http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11479.html