Forum Discussion

Nimbostratus

Apr 06, 2005

SSL cert verify TCL error?

I have the following iRule: when CLIENTSSL_HANDSHAKE { set cert [SSL::cert 0 ] } when HTTP_REQUEST { set stuff [X509::subject $cert ] if { [matchclas...

Historic F5 Account

Apr 06, 2005

You may want to try adding this:

 
 when HTTP_REQUEST { 
    if { [info exists cert] } { 
       ... your existing rule stuff... 
    } else { 
       log "No Cert presented" 
       reject 
    } 
 }

Basically, you have to remember there is no guarantee the client presented a certificate before sending an HTTP request.

The "info exists" command is Tcl's way of determining whether a variable has been previously set.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL cert verify TCL error?

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 object groups in AFM

Round-robin method not load balanced

F5 ASM with fortisandbox

Disabling signature for a URL

Expired client-certificate

Related Content

Verifying Local Traffic Policy and iRule Precedence

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Capturing load sys config verify errors to a file

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Verifying Slack Requests with Mutual TLS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS