- ekanathdas_2662 (Nimbostratus): Should the below work?
- hooleylist (Cirrostratus): That looks good. Make sure to check that there is a cert before trying to parse it as you'll get a runtime error and TCP reset if you don't and the client doesn't present a client cert in the handshake.
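
      when CLIENTSSL_CLIENTCERT {
          # Only parse the certificate if the client actually presented one
          if { [SSL::cert count] > 0 } {
              set cert [SSL::cert 0]
              # Lower-case the subject so the comparison is case-insensitive
              set subject [string tolower [X509::subject $cert]]
              set clientIP [IP::client_addr]
              if { $subject contains "cn=abcd.com" } {
                  pool abcd
                  log local0. "cert CN valid"
              } else {
                  # Log the client address with the failure, then drop the connection
                  log local0. "$clientIP: cert CN not valid"
                  reject
              }
          }
      }
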
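
An added example, not part of the original reply or of F5's code: the `contains "cn=abcd.com"` test above is a substring match, so it also accepts any subject in which that text merely appears. The plain-Tcl helper below (the name `cn_matches` and the sample subjects are constructed for illustration) compares the CN attribute exactly. It assumes the subject string is a comma-separated list of `attr=value` pairs with no escaped commas inside values.

```tcl
# Hypothetical helper: return 1 only if the subject DN carries a CN
# attribute whose value is exactly $expected (case-insensitive).
# Assumes comma-separated "attr=value" pairs without escaped commas.
proc cn_matches {subject expected} {
    set expected [string tolower $expected]
    foreach rdn [split $subject ","] {
        set rdn [string trim $rdn]
        set idx [string first "=" $rdn]
        if {$idx < 0} { continue }   ;# not an attr=value pair, skip it
        set attr  [string tolower [string trim [string range $rdn 0 [expr {$idx - 1}]]]]
        set value [string tolower [string trim [string range $rdn [expr {$idx + 1}] end]]]
        if {$attr eq "cn" && $value eq $expected} {
            return 1
        }
    }
    return 0
}

# Equivalent of the substring test used in the iRule above.
proc cn_contains {subject needle} {
    return [expr {[string first [string tolower $needle] [string tolower $subject]] >= 0}]
}

# Constructed sample subjects, not taken from any real certificate.
set samples {
    "C=US, O=Example, CN=abcd.com"
    "C=US, O=Example, CN=abcd.com.example.net"
    "C=US, O=Example, OU=cn=abcd.com, CN=other.example.net"
}

foreach s $samples {
    puts [format "%-55s substring=%d exact=%d" $s \
        [cn_contains $s "cn=abcd.com"] [cn_matches $s "abcd.com"]]
}
```

Only the first sample passes the exact comparison, while all three pass the substring test. A subject in a format the helper does not expect fails the exact comparison rather than matching.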
- ekanathdas_2662 (Nimbostratus): Thanks Aaron, a lot.
- ekanathdas_2662 (Nimbostratus): Upon accessing the site with a valid cert, the client machine never makes it to the site. Looks like the packets are dropped during the negotiation. Anything more I need to edit in the iRule?
- ekanathdas_2662 (Nimbostratus): Please ignore my previous posting on 06/07/2012 08:49 PM.