John_Deckers
May 24, 2018 (Nimbostratus)
Is SSL::cert populated when using APM "On-Demand Cert Auth"?
Hi!
I have configured client cert authentication using APM and its On-Demand Cert Auth action. I would like to retrieve the client certificate in an iRule event (HTTP_REQUEST) using the SSL::cert command.
In the end, I am going to hash the certificate to produce the thumbprint. As I need the binary form of the certificate, I will not use an APM session variable for this.
    # Thumbprint = SHA-1 over the binary certificate, hex-encoded
    if { [SSL::cert count] > 0 } {
        binary scan [sha1 [SSL::cert 0]] H* cert_thumbprint
    }
Unfortunately, SSL::cert count remains 0 as if SSL::cert was not populated after the On-Demand action!? This issue does not happen when client cert authentication is performed right from a client ssl profile without APM.
Do I have to look to another event in the iRule to get an SSL::cert object populated? Something else?
Regards,
John.
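
The thumbprint in the snippet above is SHA-1 over the binary (DER) certificate, so a PEM text copy of the same certificate has to be de-armored before hashing or the value will not match. The Python sketch below is an added example, not code from the post or from F5; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches each armored certificate block in a PEM string (one or a chain).
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = bytes(range(256)) * 3


def to_pem(der, newline="\n"):
    """Armor DER bytes as PEM with 64-column lines (helper for the demo)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    body = ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    return newline.join(body) + newline


def pem_to_der_list(pem_text):
    """Return the DER bytes of every CERTIFICATE block, in order."""
    ders = []
    for body in _PEM_BLOCK.findall(pem_text):
        b64 = "".join(body.split())  # drop CR/LF and any indentation
        ders.append(base64.b64decode(b64, validate=True))
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders


def thumbprint(der):
    """SHA-1 over the given bytes as lowercase hex (same form as 'binary scan ... H*')."""
    return hashlib.sha1(der).hexdigest()


def thumbprint_from_pem(pem_text):
    """Thumbprint of the first certificate in a PEM string."""
    return thumbprint(pem_to_der_list(pem_text)[0])


if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER, newline="\r\n")
    print("from DER:      ", thumbprint(SAMPLE_DER))
    print("from PEM:      ", thumbprint_from_pem(pem))
    print("PEM text (bad):", thumbprint(pem.encode("ascii")))
```

Hashing the PEM text directly, as in the last line of the demo, gives a value that depends on line endings and armor lines and never equals the DER thumbprint.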