Forum Discussion
hooleylist
May 13, 2010 · Cirrostratus
Hi Bruce,
There was an improvement in 10.1.0 for client cert handling:
https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote_10_1_0_ltm.html
Behavior changes in version 10.1.0
SSL::cert iRule commands (CR116806)
The following iRule commands now apply to the lifetime of the SSL session, and not only for the connection in which the system receives the client certificate:
SSL::cert GET_PEER_CERT
SSL::cert issuer GET_PEERCERTISSUER
SSL::cert count GET_PEER_CERTCOUNT
It looks like this functionality will eliminate the need to store the client cert (or cert details) in the session table.
Aaron
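The change described in the post above, as an added example that is not part of the original post or of F5's documentation. It contrasts two alternative iRules (use one, not both): caching the certificate subject in the session table, and reading it directly with `SSL::cert` on 10.1.0 or later. The header name `X-Client-Cert-Subject`, the 1800-second timeout and the 403 response are assumptions chosen for illustration.

```tcl
# --- Variant A: before 10.1.0 (certificate only visible on the connection
# --- that performed the full handshake, so the subject is cached) ---------
when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert count] > 0 } {
        # Key the cached subject on the SSL session ID (timeout is an assumption).
        session add ssl [SSL::sessionid] [X509::subject [SSL::cert 0]] 1800
    }
}
when HTTP_REQUEST {
    # Never trust a copy of the header supplied by the client.
    HTTP::header remove "X-Client-Cert-Subject"
    set subject [session lookup ssl [SSL::sessionid]]
    if { $subject ne "" } {
        HTTP::header insert "X-Client-Cert-Subject" $subject
    } else {
        HTTP::respond 403 content "Client certificate required"
    }
}

# --- Variant B: 10.1.0 and later (SSL::cert applies to the lifetime of the
# --- SSL session, so no session-table entry is needed) --------------------
when HTTP_REQUEST {
    # Never trust a copy of the header supplied by the client.
    HTTP::header remove "X-Client-Cert-Subject"
    if { [SSL::cert count] > 0 } {
        HTTP::header insert "X-Client-Cert-Subject" [X509::subject [SSL::cert 0]]
    } else {
        # No certificate is associated with this SSL session.
        HTTP::respond 403 content "Client certificate required"
    }
}
```

Both variants assume a client SSL profile that requests or requires a client certificate; removing the inbound header first keeps a client from asserting an identity the BIG-IP never verified.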