Forum Discussion
Sonny
May 14, 2010Cirrus
Yeah, the client is currently using this iRule to check the validity of the cert.:
when CLIENTSSL_CLIENTCERT {
log cron.warning [SSL::verify_result]
SSL::verify_result 0
log cron.warning [SSL::verify_result]
}
and from the logs...
May 13 08:55:30 tmm tmm[1249]: Rule XXXX-irule
: 26
May 13 08:55:30 tmm tmm[1249]: Rule XXXX-irule
: 0
and from the "26" code:
http://www.openssl.org/docs/apps/ve...IAGNOSTICS:
26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose the supplied certificate cannot be used for the specified purpose.
So what we want to do is try to come up with an iRule to look at the cert and then ignore the specific "extended key usage" field in the cert. Hope this helps... We could just get another cert BUT that $$$.