Need to Pass Cert_Cookie server variable

In a quick search, I couldn't find any specific explanation of what the CERT_COOKIE CGI variable is parsed from. This seems to be the stock explanation most sites have:

 

 

 

http://msdn2.microsoft.com/en-us/library/ms525581.aspx

 

 

CERT_COOKIE - Unique ID for the client certificate, returned as a string. This can be used as a signature for the whole client certificate.

 

 

 

 

In a quick test using a page which echoes the CGI variables, I set a cookie and header named cert and certificate. But the CERT_COOKIE CGI variable was never set by the web server.

 

 

So I would guess that this value is generated by parsing the actual client certificate presented by the client to the web server. Since the BIG-IP to server connection doesn't use a client cert, that CGI variable would always be empty.

 

 

Do you have the ability to modify the web application so it reads the cert details from the custom header(s) you're inserting, instead of depending on the stock CGI variable?

 

 

 

Also, it would be more efficient to use string map versus the regsub to replace colons with hyphens:

 

 

old

 

HTTP::header insert SSLClientCertSN [regsub -all {:} [X509::serial_number $the_cert] -]

 

 

new

 

HTTP::header insert SSLClientCertSN [string map {: -} [X509::serial_number $the_cert]

 

 

Aaron