Forum Discussion
- hooleylist (Cirrostratus): If you want to send an HTTP response when no client cert is provided, you would need to set the client cert mode to request on the client SSL profile. You could then use an iRule like this:
```tcl
when HTTP_REQUEST {

    # Check if the client presented at least one cert
    if { [SSL::cert count] > 0 } {

        # Check if there was no error in validating the client cert against LTM's server cert
        if { [SSL::verify_result] == 0 } {

            # Exit this event in this iRule
            return

        } else {

            # Use the SSL status code in the HTTP response
            # (defined here: http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS)
            set error_string [X509::verify_cert_error_string [SSL::verify_result]]
        }
    } else {
        set error_string "No client certificate provided"
    }

    # If we are still executing this iRule, the client did not present a cert
    # or did not present a valid cert
    HTTP::respond 403 content "Invalid client certificate: $error_string"
}
```