Problem inserting client cert

Question

Hello,&nbsp;
&nbsp;I am trying to implement SOL5171, where I insert a client certificate into the header of an HTTP session. &nbsp;
&nbsp;Here is the iRule:&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;if {[SSL::cert count] &gt; 0} {
&nbsp;HTTP::header replace SSLClientCert [b64encode [SSL::cert 0]]
&nbsp;}
&nbsp;}&nbsp;
&nbsp;I have configured the SSL Client, and configured my virutal server to use the iRule resouce. However, when I get to the web page and look at the source, I do not see client certificate.&nbsp;
&nbsp;Thanks&nbsp;
&nbsp;Gordon

deb_allen_18 · Answer

Hi Gordon,&nbsp;
&nbsp;There's a known issue with the SSL::cert values not traversing the events as expected.  &nbsp;
&nbsp;To work around this problem, you'll need to save the cert into the session table in the CLIENTSSL_CLIENTCERT event, then retrieve it in the HTTP_REQUEST event, as in these posts:&nbsp;
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=53&amp;view=topic&amp;forumid=5&amp;postid=13968 (Click here)
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=53&amp;forumid=5&amp;view=topic&amp;postid=13667 (Click here)&nbsp;
&nbsp;(I believe that the encoding and header/footer manipulation requirements will depend on the type of certificate presented.)&nbsp;
&nbsp;HTH
&nbsp;/deb

Forum Discussion

Problem inserting client cert

Recent Discussions

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Advice to partial rename uri path

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

Related Content

Security Headers Insertion

Inserting a http header on the response to the client

Insert Client Certificate In Serverside HTTP Headers

Forwarded HTTP Extension Insertion (RFC 7239)

Integrate BIG-IP with AWS CloudWAN Service Insertion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS