Jan 21, 2011

OCSP validation and thumbprint passing in header

I currently have a website set up that uses two mechanisms for logon. The first mechanism is just a user name and password that is validated against a database; the second mechanism is that the client can associate a client certificate (issued by an external party - Unipass) with their account so they do not have to enter their details each time. Currently we use a passthrough iRule on this website, however I was wondering if it was possible to do the following:



Get the F5 to offload and handle OCSP validation of the client certificate.



If the certificate is valid, put the thumbprint of the cert into the header that is sent on to the web server (the web server code then processes the thumbprint and checks against the account database).



If it is not valid, the F5 then redirects to an error page on a web server.




I am pretty sure that this must be achievable with iRules, although the ones I have written are, to be fair, fairly basic, so any pointers on whether this is possible and how to go about this would be greatly appreciated.



Many Thanks,
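
The post has the web server process a thumbprint header set by the F5 and check it against the account database. As an added example (not part of the original post, and not F5 or Unipass code), this Python sketch shows one way the web-server side of that check could look; the header name, the proxy address, the SHA-1-over-DER thumbprint format and the account data are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import re

# Assumed names and values for illustration; none come from the original post.
THUMBPRINT_HEADER = "x-client-cert-thumbprint"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # constructed F5 self IP
HEX40 = re.compile(r"[0-9a-f]{40}")

def cert_thumbprint(der_bytes):
    """SHA-1 over the DER-encoded certificate, stored when the cert is enrolled."""
    return hashlib.sha1(der_bytes).hexdigest()

def normalise(value):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex or None."""
    cleaned = re.sub(r"[\s:]", "", value).lower()
    return cleaned if HEX40.fullmatch(cleaned) else None

def account_for_request(peer_ip, headers, accounts):
    """Return the account bound to the forwarded thumbprint, or None.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    # The header is only meaningful if the connection came from the load balancer.
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return None
    values = [v for k, v in headers if k.lower() == THUMBPRINT_HEADER]
    # Exactly one value: a second copy means the proxy did not strip client input.
    if len(values) != 1:
        return None
    thumb = normalise(values[0])
    if thumb is None:
        return None
    matched = None
    for stored, account in accounts.items():
        if hmac.compare_digest(stored, thumb):
            matched = account
    return matched

# Constructed sample data: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed-der-bytes-not-a-real-certificate"
ACCOUNTS = {cert_thumbprint(SAMPLE_DER): "alice"}

if __name__ == "__main__":
    sent = cert_thumbprint(SAMPLE_DER).upper()
    print(account_for_request("10.0.0.5", [("X-Client-Cert-Thumbprint", sent)], ACCOUNTS))
```

This only holds up if the F5 removes any copy of the header that arrives from the client before inserting its own, and if the web server cannot be reached except through the F5.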





