Forum Discussion

Kiran_Kumar's avatar
Icon for Nimbostratus rankNimbostratus
Aug 22, 2013

iRule to pass client ssl cert to the Application server(pool member)

Hi Friends,


Could you please assist me with an iRule to pass the client sslcert to the application server backend. I can think of an iRule passing info from certain fields in the ssl cert through the headers, but i am not sure how to pass on the entire cert itself to the application server. I would have done some research by my self, but given my time sensitive scenario, thought of seeking help from the group here. thank you for the help.


Regards KK


3 Replies

  • Hi KK,


    You can pass the client cert via a header as follows:


    HTTP::header insert "SSL_CLIENT_CERT" [X509::whole [SSL::cert 0]]


    This will add the cert in its PEM encoding.


  • what about proxy ssl?


    sol13385: Overview of the Proxy SSL feature



  • I would just add that the PEM format returned with [X509::whole [SSL::cert 0]] will have line breaks it. Example:

    ===== BEGIN CERTIFICATE =====
    ===== END CERTIFICATE =====

    that would probably cause problems as a single HTTP header. I'd recommend either re-base64-encoding that value, or simply base64-encode the raw binary certificate and shove that into the header.

    HTTP::header insert "SSL_CLIENT_CERT" [URI::encode [b64encode [SSL::cert 0]]]