Forum Discussion

jlekt_135663's avatar
jlekt_135663
Icon for Nimbostratus rankNimbostratus
Oct 24, 2013

Send data of certificate over an head http with an iRule

Please i want to know how can i send the data of certificate over an http headre with an iRule.  
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 24, 2013

The easiest would probably be something like this:

HTTP::header replace CLIENTCERT [X509::subject [SSL::cert 0]]

This would send the certificate subject in the CLIENTCERT header. If you wanted to send the entire certificate, you'd want to base64/URI-encode it first for transit:

HTTP::header replace CLIENTCERT [URI::encode [b64encode [X509::whole [SSL::cert 0]]]]

You can also send the raw DER-encoded certificate, but you definitely need to base64/URI-encode it first:

HTTP::header replace CLIENTCERT [URI::encode [b64encode [SSL::cert 0]]]

I'm not sure when, but I believe prior to some version of 11, the SSL::cert value didn't persist across TCP sessions. If you notice that the header is blank, that'll be why. You'll alternatively need to store the SSL cert data in the session table and call it up on each HTTP request.