Read SSL certificate from http header?

Question

I am sending 2 SSL certs from my app to the load balancer&nbsp;
The standard SSL certA required client certificate I generated, and put the Authority on the F5
In the SSL profile, I enable "Client Authentication" and everything is happy.&nbsp;
However, I have a special case now where I want to send the client certificate to the F5 via a header parameter like: &nbsp;

xmlhttp.setRequestHeader('X-Client-Certificate', Certificate_In_Base64);&nbsp;

Does anyone know if it's possible for the F5 to accept SSL certificates (specifically the client cert) in a non-standard way like iRule that lets me read it from the http header?&nbsp;
Thanks!&nbsp;

petewhite · Answer

Yes, it certainly sounds feasible to send the certificate in a header ( assuming it is not over the size limit ). Within an iRule you would use HTTP:header.&nbsp;
What do you want to do with it once it has been sent?&nbsp;

amit_karnik · Answer

You could potentially try to use the sideband feature to read the additional Cert. header from the request and then use it to validate against an external server endpoint, if that is a possibility.&nbsp;
I didnt follow the part where you mention that there are 2 connections. If the 2nd cert is in the header, it is still part of the 1st connection, or am I misinterpreting your setup ? &nbsp;

Forum Discussion

Read SSL certificate from http header?

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Read only account to read logs in cli

How To Read An F5 Security Advisory

Re: Management Certificate

My Security+ Certification Journey

Certifications for security professionals