TCL error: Rule Client_cert_in_HTTP_Header2 - while executing "X509::whole $c_cert"

Question

Hello, &nbsp;
&nbsp;we need to forward client ssl cert via http header, here is the sample Irule defined: &nbsp;
&nbsp;when HTTP_REQUEST {&nbsp;
&nbsp;  set client_cert [SSL::cert 0]&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::cipher name] Cipher Name"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::cipher version] Cipher Version"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::cipher bits] Cipher Bits"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::sessionid] Session ID"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [X509::subject $client_cert] ClientCert" &nbsp;
&nbsp;  HTTP::header insert ClientCertSubject [X509::whole $client_cert] }&nbsp;
&nbsp;unfortunatly the irule doesn't work we have the following error: &nbsp;
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: RC4-MD5 Cipher Name
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: TLSv1 Cipher Version
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 128 Cipher Bits
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 65e0c25a6772a3d0a3abf3175bfc9ed9bad092af746e840ed341716922f2bae
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: /C=IT/ST=milano/L=milano/O=ugis/OU=Middleware Network/CN=usw11501.esp.internal.usinet.it/emailAddress=ivanovic.mascherpa@ugis.unicredit.it ClientCert
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: RC4-MD5 Cipher Name
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: TLSv1 Cipher Version
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 128 Cipher Bits
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 65e0c25a6772a3d0a3abf3175bfc9ed9bad092af746e840ed341716922f2bae
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: /C=IT/ST=milano/L=milano/O=ugis/OU=Middleware Network/CN=usw11501.esp.internal.usinet.it/emailAddress=ivanovic.mascherpa@ugis.unicredit.it ClientCert
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: RC4-MD5 Cipher Name
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: TLSv1 Cipher Version
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 128 Cipher Bits
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 65e0c25a6772a3d0a3abf3175bfc9ed9bad092af746e840ed341716922f2bae
&nbsp;Sep 27 12:33:42 tmm tmm[731]: 01220001:3: TCL error: Rule Pippo  -      while executing "X509::whole $client_cert"&nbsp;
&nbsp;Please can you help ?&nbsp;
&nbsp;Thanks a lot 
&nbsp;Riz&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;

colin_walker_12 · Answer

It's interesting that in your log, the last entries, where the X509::whole command failed, there is no entry for the X509::subject command either. It seems as though the X509 commands didn't like the cert that got passed that time. Did something change?&nbsp;
&nbsp;Odd...&nbsp;
&nbsp;Colin

Forum Discussion

TCL error: Rule Client_cert_in_HTTP_Header2 - while executing "X509::whole $c_cert"

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

Re: TCL error on SSL certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS