Forum Discussion

Nimbostratus

Aug 24, 2005

Problem with Certificate Hash verification

Hi all. I'm having a problem with verifying connections to a particular proxy that "requires" a client cert. The proxy is inserting the Certificate Serial Number and Certificate Hash into th...

Historic F5 Account

Sep 12, 2005

Derek,

to troubleshoot your problem add to your rule logging of the cert hash extracted from the header, like this:


if (http_header("SSLClientCertSerialNumber") == one of Cert_SN and     
http_header("SSLClientCertHash") == one of Cert_Hash) {
  log "MutualSSL accepted from:${client_addr} hash: " + http_header("SSLClientCertHash")
  use pool web-pool
}
else {
  log "MutualSSL Denied from:${client_addr} hash: " + http_header("SSLClientCertHash")
  discard
}

That will allow you to find out what you need to match.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)