Request Client Certificate And Pass To Application

Problem this snippet solves: We are using BigIP to dynamically request a client certificate. This example differs from the others available in that it actually passes the x509 certificate to the ser...
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules
security
rob_carr's avatar
rob_carr
Icon for Cirrocumulus rankCirrocumulus
Mar 22, 2021

I think the OP meant that in the context of -this rule- the HTTP_REQUEST event handler fires before the CLIENTSSL_HANDSHAKE due to the SSL::renegotiate command.

  • John_Alam's avatar
    John_Alam
    Icon for Employee rankEmployee
    Dec 20, 2024

    This is correct.  The SSL::renegotiate sparks a new TLS handshake but this time the server "requests" a client cert according to this irule.  They could have "requested and required it" but they chose to just request it.
    This causes the browser to prompt the user to choose a client certificate from it store to submit.  After that a new HTTP request is also submitted.
    HTH