Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Picking client cert to send based on issuer of server cert


Hi, we need to change our client certificate we're sending to a third party based on the issue of the cert they send us. Is this possible on 11.6.2? I thought I could use the SERVERSSL_SERVERCERT events and if it all looks validates against a combined CA, take the SSL::issuer value into a switch statement and use SSL::profile to attache the right profile that references the right client cert to it.


1) There are warnings that this is slow, as you'll need to renegotiate / reload ca files

2) SERVERSSL_SERVERCERT might not even exist until v13?

3) SERVERSSL_SERVERHELLO definitely exists in v11.6, but only SSL::extensions is available, even though we shoudl have the cert by then?