Forum Discussion

jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Jan 24, 2011

pass through client certificate irule

I am currenlty using the irule below for performing SSL passthrough on traffic. Is there any way I could midify this irule so that it only passed through SSL traffic that has a client certificate at...
application delivery
dev
devops
iRules
jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Jan 25, 2011
Thanks for the responses.

 

 

APM would sort out many of my issues (I could do all of my certificate OCSP handling on the LTM and pass through my certs in the header) but it is not a cheap option and not an easy one to convince the folk with the purse strings to purchase.

 

 

The reason for asking this question is that we already use the passthrough irule to pass trafiic directly to the servers, however only 20% of the clients actually use the certificate logon option. I was looking to see if there was a way of offloading trafic that is not using client certificates as otherwise this particular site is not really taking full advantage of the LTM.

 

 

Chris - you made a valid point about the fact that we would have to decrypt the traffic before we could actually identify if it had a client cert anyway so I am guessing this would be a little more complex than I first thought. Not to worry I was just wandering if there was a quick fix - it appears not.

 

 

Thanks for your help.