Forum Discussion
Leszek_Majewsk1
Nimbostratus
Nov 13, 2007
iRule to require client certificate and validate it
I have limited possibilities to test the iRule because the business application is running via the F5... so can anyone help with this code (if there is no obvious syntax error):
when HTTP_RE...
Leszek_Majewsk1
Nimbostratus
Nov 16, 2007
Hi,
It is partially working. When the first "if" is true (URI match), the browser displays the message with certificates and I choose the cert stored on my chip card. Then the PIN window appears, I enter the PIN code for the cert, and then the browser shows the message "cannot display page". In the log generated by the script itself there is the entry "NO cert". I even tried this code proposed by F5 (I always get the log message "No cert found. Holding HTTP request until a client cert is presented..."):
    when CLIENT_ACCEPTED {
        set session_flag 0
    }
    when CLIENTSSL_HANDSHAKE {
        if { [SSL::cert count] != 0 } {
            log "Client cert is OK; releasing HTTP request."
            HTTP::release
        }
    }
    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/polcard/" } {
            log "Certificate required for: [HTTP::uri]"
            if { [SSL::cert count] == 0 } {
                log "No cert found. Holding HTTP request until a client cert is presented..."
                HTTP::collect
                set session_flag 1
                SSL::authenticate always
                SSL::authenticate depth 9
                SSL::cert mode require
                SSL::renegotiate
            } else {
                log "crt OK"
                pool TestSSL
                HTTP::release
            }
        } else {
            log "No certificate needed for: [HTTP::uri]"
            pool Test
        }
    }
It looks like my cert cannot be retrieved from the chip card. I use the same card and the same cert to authenticate on another web server and it is working. What is wrong??
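A variant of the iRule in the post that also logs the certificate verification result after renegotiation, so the log shows whether a certificate arrived and whether it validated. This is an added example, not the poster's or F5's code; the `need_cert` variable is an assumption, while the pool names and the `/polcard/` prefix are taken from the post.

```tcl
when CLIENT_ACCEPTED {
    set need_cert 0
}

when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/polcard/" } {
        pool TestSSL
        if { [SSL::cert count] == 0 } {
            # Hold the request and ask the client for a certificate.
            log local0. "No cert yet for [HTTP::uri]; renegotiating"
            set need_cert 1
            HTTP::collect
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    } else {
        pool Test
    }
}

when CLIENTSSL_CLIENTCERT {
    # Runs when the client sends its certificate message; record what arrived.
    set result [SSL::verify_result]
    log local0. "Client sent [SSL::cert count] cert(s); verify result: [X509::verify_cert_error_string $result]"
    if { [SSL::cert count] > 0 } {
        log local0. "Client cert subject: [X509::subject [SSL::cert 0]]"
    }
}

when CLIENTSSL_HANDSHAKE {
    # Only act on the handshake that this iRule's renegotiation triggered.
    if { $need_cert } {
        set need_cert 0
        if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
            log local0. "Client cert validated; releasing held HTTP request"
            HTTP::release
        } else {
            # Explicit check in addition to "SSL::cert mode require".
            log local0. "No valid client cert after renegotiation; rejecting"
            reject
        }
    }
}
```

A non-zero verify result in the log points at chain validation against the CAs trusted by the client SSL profile, while a missing `CLIENTSSL_CLIENTCERT` entry means the client never sent a certificate.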