Forum Discussion
yeser
Nimbostratus
NimbostratusWindows 2k3. request cert via ssl profile OK but via iRule KO
Hi,
I have a problem with a W2K3 Server Standard Edition.
If I request (or require) an user cert using a SSL profile everything is OK, but using this iRule, IE6, IE7 and Firefox don't prompt me to select a user certificate.
when HTTP_REQUEST {
HTTP::collect
SSL::cert mode request
SSL::renegotiate
}
when CLIENTSSL_HANDSHAKE {
HTTP::release
}
In fact, I don't find any iRule that prompt me for a user cert with W2K3.
Any known bug with this system??
Thanks!!
- There isn't a bug that directly relates to those commands that I can recall, though I'll go dig through some CRs.
What is it you're trying to accomplish? If all you're trying to do is request the cert, I don't think you'd need the collect and release commands. Is there a reason those are added?
Colin 
yeserThe actual iRule is harder:
when CLIENT_ACCEPTED {
set collecting 0
set renegtried 0
}
when HTTP_REQUEST {
if { $renegtried == 0
and [SSL::cert count] == 0
and [HTTP::uri] starts_with
"/XXXXXXX" } {
HTTP::collect
set collecting 1
SSL::cert mode request
SSL::renegotiate
}
}
when CLIENTSSL_HANDSHAKE {
if { $collecting == 1 } {
set renegtried 1
HTTP::release
}
}
when HTTP_REQUEST_SEND {
clientside {
if { [SSL::cert count] > 0 } {
HTTP::header insert "auth-cert" [X509::whole [SSL::cert 0]]
}
}
}
This iRule is working OK on all SO but on W2K3 and IE6 & 7. So I try the easiest iRule to request or require a cert on W2K3 and it doesn't work:
when HTTP_REQUEST {
SSL::cert mode request
}
Any idea?? i don't find anything on askf5.
Thanks