Forum Discussion

Nimbostratus

Dec 09, 2009

ssl cer pass through rule

I am getting the following error messages with the irule below : Wed Dec 9 13:26:24 EST 2009 tmm tmm[1608] 01220001 TCL error: client_cer_pass_thre_2 CLIENTSSL_CLIENTCERT - while ex...

Cirrostratus

Dec 09, 2009

Hi Al,

I'd guess the client isn't actually presenting a cert and so there isn't valid output from the first X509 command. Can you log the string length of $cert when the error occurs? Or if you're not able to reproduce the error at will, you could add logic to prevent the issue from happening:

 
 when CLIENTSSL_CLIENTCERT { 
  
     Check if the cert output isn't null 
    if {[SSL::cert 0] ne ""}{ 
  
       set cert [SSL::cert 0] 
       set sn [X509::serial_number $cert] 
       set subject [X509::subject $cert] 
       set issuer [X509::issuer $cert] 
       set version [X509::version $cert] 
       session add uie [SSL::sessionid] [list $sn $issuer $subject $version] 1800 
    } 
 }

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ssl cer pass through rule

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

Passing Arguments to iCall Scripts

F5 Distributed Cloud Origin Server Subset Rules

Free Passes to AppWorld 2025 – First Come, First Served!

LTM Cipher rule

F5 Rules for AWS WAF - Rule ID to Attack Type Reference

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS