Forum Discussion

yeser's avatar
yeser
Icon for Nimbostratus rankNimbostratus
Apr 14, 2008

Windows 2k3. request cert via ssl profile OK but via iRule KO

Hi,

 

 

I have a problem with a W2K3 Server Standard Edition.

 

 

If I request (or require) an user cert using a SSL profile everything is OK, but using this iRule, IE6, IE7 and Firefox don't prompt me to select a user certificate.

 

 

when HTTP_REQUEST {

 

HTTP::collect

 

SSL::cert mode request

 

SSL::renegotiate

 

}

 

when CLIENTSSL_HANDSHAKE {

 

HTTP::release

 

}

 

 

In fact, I don't find any iRule that prompt me for a user cert with W2K3.

 

 

Any known bug with this system??

 

 

Thanks!!

2 Replies

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    There isn't a bug that directly relates to those commands that I can recall, though I'll go dig through some CRs.

     

     

    What is it you're trying to accomplish? If all you're trying to do is request the cert, I don't think you'd need the collect and release commands. Is there a reason those are added?

     

     

    Colin
  • yeser's avatar
    yeser
    Icon for Nimbostratus rankNimbostratus
    The actual iRule is harder:

     

     

    when CLIENT_ACCEPTED {

     

    set collecting 0

     

    set renegtried 0

     

    }

     

    when HTTP_REQUEST {

     

    if { $renegtried == 0

     

    and [SSL::cert count] == 0

     

    and [HTTP::uri] starts_with

     

    "/XXXXXXX" } {

     

     

    HTTP::collect

     

    set collecting 1

     

    SSL::cert mode request

     

    SSL::renegotiate

     

    }

     

    }

     

    when CLIENTSSL_HANDSHAKE {

     

    if { $collecting == 1 } {

     

    set renegtried 1

     

    HTTP::release

     

    }

     

    }

     

     

    when HTTP_REQUEST_SEND {

     

    clientside {

     

    if { [SSL::cert count] > 0 } {

     

    HTTP::header insert "auth-cert" [X509::whole [SSL::cert 0]]

     

    }

     

    }

     

    }

     

     

     

     

     

    This iRule is working OK on all SO but on W2K3 and IE6 & 7. So I try the easiest iRule to request or require a cert on W2K3 and it doesn't work:

     

     

    when HTTP_REQUEST {

     

    SSL::cert mode request

     

    }

     

     

    Any idea?? i don't find anything on askf5.

     

     

    Thanks