Forum Discussion
James_D__376338
Nimbostratus
NimbostratusUsing iRule to prompt for Client SSL Cert
Currently we have it configured where the Client SSL profile Requests once for a cert, which prompts the user to authenticate with their piv. This is causing issues with a few edge cases. What I wou...
when CLIENTSSL_CLIENTCERT { HTTP::release if { [SSL::cert count] < 1 } { reject } } when HTTP_REQUEST { if { ([URI::query [HTTP::uri]] contains "auth=x509") || ([URI::query [HTTP::uri]] contains "auth=auth2") }{ if { [SSL::cert count] < 1}{ HTTP::collect SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate } } } when HTTP_REQUEST_SEND { clientside { if { [SSL::cert count] > 0 } { HTTP::header insert "SSLClientCertStatus" [X509::verify_cert_error_string [SSL::verify_result]] HTTP::header insert "SSLClientCertSerialNumber" [X509::serial_number [SSL::cert 0]] HTTP::header insert "SSLClientCertSubject" [X509::subject [SSL::cert 0]] HTTP::header insert "SSLClientCert" [X509::whole [SSL::cert 0]] } } }
James_D__376338Nimbostratus
Nimbostratuswhen CLIENTSSL_CLIENTCERT {
HTTP::release
if { [SSL::cert count] < 1 } {
reject
}
}
when HTTP_REQUEST {
if { ([URI::query [HTTP::uri]] contains "auth=x509") || ([URI::query [HTTP::uri]] contains "auth=auth2") }{
if { [SSL::cert count] < 1}{
HTTP::collect
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
SSL::renegotiate
}
}
}
when HTTP_REQUEST_SEND {
clientside {
if { [SSL::cert count] > 0 } {
HTTP::header insert "SSLClientCertStatus" [X509::verify_cert_error_string [SSL::verify_result]]
HTTP::header insert "SSLClientCertSerialNumber" [X509::serial_number [SSL::cert 0]]
HTTP::header insert "SSLClientCertSubject" [X509::subject [SSL::cert 0]]
HTTP::header insert "SSLClientCert" [X509::whole [SSL::cert 0]]
}
}
}