For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nuruddin_Ahmed_'s avatar
Nuruddin_Ahmed_
Icon for Cirrostratus rankCirrostratus
Sep 06, 2016

irule to pass the client authentication certificate to pool member

Hi,   I am using client certificate authentication with require option in one of the SSL profile. To the VS i have applied regular SSL profile which would offload the SSL. If the traffic would com...
application delivery
BIG-IP
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Sep 06, 2016

Hi Nuruddin,

to forward the X509v3 client certificate of a mutual SSL handshake you may use the iRule below as a starting point...

when CLIENTSSL_HANDSHAKE {
    if { [SSL::cert count] > 0 } then {
        set x509cert [b64encode [SSL::cert 0]]
    } else {
        set x509cert ""
    }
}
when HTTP_REQUEST {
    HTTP::header remove "X-CLIENT-X509v3"
    if { $x509cert ne "" } then {
        HTTP::header insert "X-CLIENT-X509v3" $x509cert
    } else {
        HTTP::header insert "X-CLIENT-X509v3" "None"
    }
}

Cheers, Kai