For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Josiah_46618's avatar
Josiah_46618
Icon for Nimbostratus rankNimbostratus
Feb 07, 2012

SSL events require an SSL profile...

Here is the error I am encountering:     01070394:3: CLIENTSSL_CLIENTCERT event in rule (Insert_Headers_SSL) requires an associated CLIENTSSL profile on the virtual server (Static_Web).   ...
application delivery
dev
devops
iRules
spark_86682's avatar
spark_86682
Historic F5 Account
Feb 07, 2012
Two possibilities:

 

 

1) Split your iRule into two (this doesn't mean you have to maintain two copies of the same/similar iRules). Have one iRule with just the HTTP-only parts and a second with just the SSL parts. For non-SSL vips, just apply the first iRule, and for SSL vips apply both iRules.

 

 

2) Stuff the SSL commands into a variable, and then use "eval" on that variable. That will hide them from the validation code. Of course, you'll still need to check for an SSL profile, otherwise those commands will error out. There should be several examples of this somewhere in the codeshare. I thought the proxypass iRule did this? Can't remember exactly.