Forum Discussion

jlekt_135663's avatar
jlekt_135663
Icon for Nimbostratus rankNimbostratus
Oct 24, 2013

Send data of certificate over an head http with an iRule

Please i want to know how can i send the data of certificate over an http headre with an iRule.  
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 24, 2013

I'm not 100% sure when the functionality changed, but please start with this:

when HTTP_REQUEST {
    HTTP::header replace CLIENTCERT [X509::subject [SSL::cert 0]]
}

This will send the certificate subject name in the CLIENTCERT header (an arbitrary name) to the server on each HTTP request. Make sure that the client SSL profile specifies request or require client certificate authentication, and that the Trusted Certificate Authorities option contains a certifying authority certificate (or bundle of CA certificates) that can validate the client's certificate.

Your Apache server should then be configured to look for this HTTP header in requests. Also notice that I used the HTTP::header replace command instead of HTTP::header insert. If you're going to be using the client certificate for authentication through an HTTP header, you want to make sure that the client cannot inject its own value. The replace function will overwrite anything that the client may send in the request.