Forum Discussion

Chris_Phillips
Sep 15, 2020

Picking client cert to send based on issuer of server cert

Hi, we need to change our client certificate we're sending to a third party based on the issuer of the cert they send us. Is this possible on 11.6.2? I thought I could use the SERVERSSL_SERVERCERT events and, if it all validates against a combined CA, take the SSL::issuer value into a switch statement and use SSL::profile to attach the right profile that references the right client cert to it.

1) There are warnings that this is slow, as you'll need to renegotiate / reload ca files

2) SERVERSSL_SERVERCERT might not even exist until v13?

3) SERVERSSL_SERVERHELLO definitely exists in v11.6, but only SSL::extensions is available, even though we should have the cert by then?
