
Picking client cert to send based on issuer of server cert

Chris_Phillips
Nimbostratus

Hi, we need to change the client certificate we're sending to a third party based on the issuer of the cert they send us. Is this possible on 11.6.2? I thought I could use the SERVERSSL_SERVERCERT event and, if it all validates against a combined CA, take the SSL::issuer value into a switch statement and use SSL::profile to attach the right profile that references the right client cert to it.

 

1) There are warnings that this is slow, as you'll need to renegotiate / reload ca files

2) SERVERSSL_SERVERCERT might not even exist until v13?

3) SERVERSSL_SERVERHELLO definitely exists in v11.6, but only SSL::extensions is available, even though we should have the cert by then?

0 REPLIES 0