
iRule to pass client ssl cert to the Application server (pool member)

Kiran_Kumar
Nimbostratus

Hi Friends,

Could you please assist me with an iRule to pass the client SSL cert to the application server backend? I can think of an iRule passing info from certain fields in the SSL cert through the headers, but I am not sure how to pass on the entire cert itself to the application server. I would have done some research by myself, but given my time-sensitive scenario, I thought of seeking help from the group here. Thank you for the help.

Regards, KK

3 REPLIES

Ken_49643
Nimbostratus

Hi KK,

You can pass the client cert via a header as follows:

HTTP::header insert "SSL_CLIENT_CERT" [X509::whole [SSL::cert 0]]

This will add the cert in its PEM encoding.

nitass
F5 Employee

What about Proxy SSL?

sol13385: Overview of the Proxy SSL feature

http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html

Kevin_Stewart
F5 Employee

I would just add that the PEM format returned with [X509::whole [SSL::cert 0]] will have line breaks in it. Example:

===== BEGIN CERTIFICATE =====
Hdurhdudjdushshsjejdushdudjs
Hsueyejsusuatagsidushsusjsjdu
...
===== END CERTIFICATE =====

That would probably cause problems as a single HTTP header. I'd recommend either re-base64-encoding that value, or simply base64-encode the raw binary certificate and shove that into the header.

HTTP::header insert "SSL_CLIENT_CERT" [URI::encode [b64encode [SSL::cert 0]]]
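
Added example, not code from any poster in this thread: a Python sketch of the pool-member side of the last suggestion, showing why multi-line PEM fails as a single header value and how an application could reverse the base64 plus URI encoding to recover the DER certificate. The function names and the sample bytes are assumptions made for illustration, and `encode_like_irule` only models the iRule expression with standard percent-encoding.

```python
import base64
import ssl
from urllib.parse import quote, unquote


def encode_like_irule(der: bytes) -> str:
    """Model of [URI::encode [b64encode <DER>]]: base64, then percent-encode."""
    return quote(base64.b64encode(der).decode("ascii"), safe="")


def header_safe(value: str) -> bool:
    """A single HTTP header value cannot carry CR or LF."""
    return "\r" not in value and "\n" not in value


def decode_cert_header(value: str) -> bytes:
    """Pool-member side: turn the header value back into DER bytes."""
    if not header_safe(value):
        raise ValueError("line break in header value")
    try:
        # unquote(), not unquote_plus(): a literal '+' is a base64 character
        # and must not be turned into a space.
        der = base64.b64decode(unquote(value), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("value is not percent-encoded base64") from exc
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded bytes are not a DER SEQUENCE")
    return der


# Constructed placeholder bytes shaped like DER (SEQUENCE tag, length 68,
# filler); this is not a real certificate.
SAMPLE_DER = b"\x30\x44" + bytes(range(188, 256))

if __name__ == "__main__":
    pem = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
    print("PEM usable as one header:", header_safe(pem))
    value = encode_like_irule(SAMPLE_DER)
    print("SSL_CLIENT_CERT:", value)
    print("round trip ok:", decode_cert_header(value) == SAMPLE_DER)
```

Because `HTTP::header insert` adds a header rather than replacing one, the application should accept `SSL_CLIENT_CERT` only on connections that come from the BIG-IP, and any copy of that header sent by the client should be removed before the insert.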