TCL error: Rule Client_cert_in_HTTP_Header2 - while executing "X509::whole $c_cert"

Question

Hello, &nbsp;
&nbsp;we need to forward client ssl cert via http header, here is the sample Irule defined: &nbsp;
&nbsp;when HTTP_REQUEST {&nbsp;
&nbsp;  set client_cert [SSL::cert 0]&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::cipher name] Cipher Name"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::cipher version] Cipher Version"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::cipher bits] Cipher Bits"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [SSL::sessionid] Session ID"&nbsp;
&nbsp;  log local0. "SSL-Parameter: [X509::subject $client_cert] ClientCert" &nbsp;
&nbsp;  HTTP::header insert ClientCertSubject [X509::whole $client_cert] }&nbsp;
&nbsp;unfortunatly the irule doesn't work we have the following error: &nbsp;
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: RC4-MD5 Cipher Name
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: TLSv1 Cipher Version
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 128 Cipher Bits
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 65e0c25a6772a3d0a3abf3175bfc9ed9bad092af746e840ed341716922f2bae
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: /C=IT/ST=milano/L=milano/O=ugis/OU=Middleware Network/CN=usw11501.esp.internal.usinet.it/emailAddress=ivanovic.mascherpa@ugis.unicredit.it ClientCert
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: RC4-MD5 Cipher Name
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: TLSv1 Cipher Version
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 128 Cipher Bits
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 65e0c25a6772a3d0a3abf3175bfc9ed9bad092af746e840ed341716922f2bae
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: /C=IT/ST=milano/L=milano/O=ugis/OU=Middleware Network/CN=usw11501.esp.internal.usinet.it/emailAddress=ivanovic.mascherpa@ugis.unicredit.it ClientCert
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: RC4-MD5 Cipher Name
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: TLSv1 Cipher Version
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 128 Cipher Bits
&nbsp;Sep 27 12:33:42 tmm tmm[731]: Rule Pippo : SSL-Parameter: 65e0c25a6772a3d0a3abf3175bfc9ed9bad092af746e840ed341716922f2bae
&nbsp;Sep 27 12:33:42 tmm tmm[731]: 01220001:3: TCL error: Rule Pippo  -      while executing "X509::whole $client_cert"&nbsp;
&nbsp;Please can you help ?&nbsp;
&nbsp;Thanks a lot 
&nbsp;Riz&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;

colin_walker_12 · Answer

It's interesting that in your log, the last entries, where the X509::whole command failed, there is no entry for the X509::subject command either. It seems as though the X509 commands didn't like the cert that got passed that time. Did something change?&nbsp;
&nbsp;Odd...&nbsp;
&nbsp;Colin

Forum Discussion

TCL error: Rule Client_cert_in_HTTP_Header2 - while executing "X509::whole $c_cert"

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Re: TCL error on SSL certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS