Forum Discussion

Nimbostratus

Nov 12, 2014

Looking for an Irule to enforce ssl client authentication and then pass ssl certificate details to the backend server

Hi I used the below irlue: when CLIENTSSL_CLIENTCERT { log local0. "start CLIENTSSL_CLIENTCERT" set the_cert [SSL::cert 0] set pkiSubject [X509::subject $the_cert] set pkiIssuer [X509::issuer $the_ce...

Nimbostratus

Mar 07, 2019

This is not an answer but a comment: Just note that the solution using ‘insert’ contains a vulnerability where the cert header info can be manipulated. To correct use 'header replace'

Ex. HTTP::header replace SSLClientCertSN [lindex $session_data 2]

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)