It seems to be okay on my Firefox.
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.19.79:443
ip protocol 6
rules myrule
profiles {
http {}
myclientssl {
clientside
}
tcp {}
}
vlans external enable
}
[root@ve1023:Active] config b pool foo list
pool foo {
members 200.200.200.101:80 {}
}
[root@ve1023:Active] config b profile myclientssl list
profile clientssl myclientssl {
defaults from clientssl
ca file "ca.crt"
peer cert mode require
}
[root@ve1023:Active] config b class ncf-tls-poc.443-ValidCertificateSNs list
class ncf-tls-poc.443-ValidCertificateSNs {
"01"
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
    # Client-certificate allowlist for virtual "bar". The clientssl profile
    # (myclientssl: peer cert mode require, ca file ca.crt) validates the chain;
    # this rule then admits only leaf certificates whose serial number is listed
    # in the ncf-tls-poc.443-ValidCertificateSNs class. All outcomes are logged
    # to local0 and the connection is refused on any mismatch.
    when CLIENTSSL_CLIENTCERT {
        set client [IP::client_addr]
        if { [SSL::cert count] == 0 } {
            # No certificate presented: silently drop. With peer cert mode
            # require the handshake is expected to fail before this event fires,
            # so this branch is defence in depth - confirm on the platform in use.
            log local0. "No Client Certificate Provided - IP:$client"
            drop
        } else {
            # Serial of the leaf certificate. NOTE: a serial number is unique
            # only per issuer; if ca.crt trusts more than one CA, compare
            # X509::issuer of the leaf as well, otherwise a same-serial cert
            # from a different trusted CA would also be admitted. No CRL/OCSP
            # is visible in the profile, so removing a serial from the class is
            # the only revocation path shown here.
            set serial [X509::serial_number [SSL::cert 0]]
            log local0. "Client Certificate Recieved - IP:$client Serial:$serial"
            if { [class match -- $serial equals ncf-tls-poc.443-ValidCertificateSNs] } {
                log local0. "Client Accepted - IP:$client Serial:$serial"
            } else {
                # Unlisted serial: refused with reject rather than the drop used
                # in the no-certificate branch above.
                log local0. "Client Rejected - IP:$client Serial:$serial"
                reject
            }
        }
    }
    when HTTP_REQUEST {
        # Per-request trace: client ip:port and the User-Agent header.
        log local0. "[IP::client_addr]:[TCP::client_port]|[HTTP::header User-Agent]"
    }
    when HTTP_RESPONSE {
        # Per-response trace: client, selected pool member and HTTP status.
        log local0. "[IP::client_addr]:[TCP::client_port]|[IP::remote_addr]:[TCP::remote_port]|[HTTP::status]"
    }
}
[root@ve1023:Active] config cat /var/log/ltm
Nov 18 09:08:46 local/tmm info tmm[24220]: Rule myrule : Client Certificate Recieved - IP:192.168.204.7 Serial:01
Nov 18 09:08:46 local/tmm info tmm[24220]: Rule myrule : Client Accepted - IP:192.168.204.7 Serial:01
Nov 18 09:08:46 local/tmm info tmm[24220]: Rule myrule : 192.168.204.7:53485|Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24
Nov 18 09:08:46 local/tmm info tmm[24220]: Rule myrule : 192.168.204.7:53485|200.200.200.101:80|200