
Client SSL profile based on uri

VishnuVG
Nimbostratus

Hello team,

 

I have two client SSL profiles, one with client authentication and another without client authentication. Can we select these profiles based on URI?

F5 OS version 14.1.2

 

I tried with an iRule using SSL::cert mode request, but the browser is not requesting the certificate.

 

when CLIENTSSL_CLIENTCERT {
  # Keep the certificate the client presented
  set ssl_cert [SSL::cert 0]
}

when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/test" } {
    # Hold the HTTP request while the TLS session is renegotiated
    HTTP::collect
    SSL::authenticate always
    SSL::authenticate depth 9
    # "request" asks for a client certificate without making it mandatory
    SSL::cert mode request
    SSL::renegotiate
    HTTP::header insert clientcert "[IP::client_addr]:[TCP::client_port]: cert 0; subject=[X509::subject [SSL::cert 0]];[X509::issuer [SSL::cert 0]]; cert_serial=[X509::serial_number [SSL::cert 0]];"
  }
}

1 REPLY

Hello VishnuVG.

 

Use require instead of request.

 

This example should suit your requirements.

REF - https://clouddocs.f5.com/api/irules/SSL__renegotiate.html

 

Regards,

Dario.

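The approach the reply points to, written out as an added example (not code from this thread or from F5's documentation): renegotiate with `SSL::cert mode require` only for `/test`, release the held request after the handshake, and set the `clientcert` header from the verified certificate. It assumes the client SSL profile has a trusted CA bundle and negotiates TLS 1.2 or earlier (TLS 1.3 has no renegotiation); the variables `held` and `need_cert` are illustrative names.

```tcl
# Added example; "/test" and the "clientcert" header name are taken from the question.
when HTTP_REQUEST {
    # Drop any client-supplied copy so the pool only sees a value set by the BIG-IP.
    HTTP::header remove "clientcert"
    set need_cert 0
    if { [string tolower [HTTP::uri]] starts_with "/test" } {
        set need_cert 1
        if { [SSL::cert count] == 0 } {
            # No certificate on this connection yet: hold the request and
            # renegotiate. "require" fails the handshake when no certificate is
            # sent; "request" lets the client continue without one.
            HTTP::collect
            set held 1
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_HANDSHAKE {
    # Runs after the initial handshake and again after the renegotiation.
    if { [info exists held] && $held } {
        set held 0
        if { [SSL::cert count] < 1 } {
            reject
            return
        }
        # Let the held request continue to the pool.
        HTTP::release
    }
}

when HTTP_REQUEST_SEND {
    # Server-side event: switch to the client-side context to read the certificate.
    clientside {
        if { $need_cert && [SSL::cert count] > 0 } {
            set cert [SSL::cert 0]
            HTTP::header insert "clientcert" "subject=[X509::subject $cert]; issuer=[X509::issuer $cert]; cert_serial=[X509::serial_number $cert]"
        }
    }
}
```

The header is inserted only after the handshake has completed, because the certificate is not available at the point where `SSL::renegotiate` is called in `HTTP_REQUEST`.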