Forum Discussion

Nimbostratus

Apr 06, 2005

SSL cert verify TCL error?

I have the following iRule: when CLIENTSSL_HANDSHAKE { set cert [SSL::cert 0 ] } when HTTP_REQUEST { set stuff [X509::subject $cert ] if { [matchclas...

Historic F5 Account

Apr 06, 2005

How about something like this ...

when HTTP_REQUEST {   
       if {[SSL::cert count] == 0} {       
           reject   
       } else {   
           set subject [X509::subject [SSL::cert 0 ]]   
           if { [matchclass $subject contains $::merlin] } {   
              use pool test-sun    
           }   
       }   
   }

Alternatively you could modify your CLIENTSSL_HANDSHAKE to look like this ...

when CLIENTSSL_HANDSHAKE {    
       if {[SSL::cert count] > 0} {       
           set cert [SSL::cert 0 ]   
       }    
   }

I am still a little baffled as to why "info exists" failed. I will do some testing tomorrow to try and find out why.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL cert verify TCL error?

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Is it possible to create a Single Pool with multiple ports ?

F5 object groups in AFM

Round-robin method not load balanced

F5 ASM with fortisandbox

Disabling signature for a URL

Related Content

Verifying Local Traffic Policy and iRule Precedence

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Capturing load sys config verify errors to a file

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Verifying Slack Requests with Mutual TLS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS