Forum Discussion

Nimbostratus

Feb 06, 2015

Is anybody can correct this irule syntaxe. Thanks

when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0}{ set client_cert [SSL::cert 0] set CLIENT “[ join [string trim [string map { “—–BEGIN CERTIFICATE—–” “” “—–END CERTIFICATE—–” “”} [X509::whole $...

application delivery

BIG-IP Access Policy Manager (APM)

Nimbostratus

Mar 21, 2018

I realize this is an old thread, but I tried following this today, and wondered why the need to remove then add back in the BEGIN and END certificate rather than just do something like:


HTTP::header insert "NSClientCert" [string trim [X509::whole [X509::whole [SSL::cert 0]]]

to replace 

set CLIENT "[join [string trim [string map {"--BEGIN CERTIFICATE--" "" "--END CERTIFICATE--" ""} [X509::whole $client_cert]]] ""]" 
        HTTP::header insert "NSClientCert" "—–BEGIN CERTIFICATE—– $CLIENT —–END CERTIFICATE—–"

I believe if you validate the [SSL::cert 0] at CLIENTSSL_CLIENTCERT, you don't need to add the insert header at the ClIENTSSL_CLIENTCERT and at HTTP_REQUEST, it seems redundant

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)