yeser
Feb 14, 2008Nimbostratus
iRule to ask for client cert
Hi, i developed an iRule to ask for a certificate and insert it in a http header. All work properly but BIG IP asks for client certificate all time, on each click and each part of the same page. Default behaviour is authenticate ONCE (not always), but i specified it in the iRule. Any idea of the problem? help!
The iRule is:
when HTTP_REQUEST {
if { (not [info exists EncCert]) and ([HTTP::uri] starts_with "/XXXXXX") } {
HTTP::collect
SSL::authenticate once
SSL::authenticate depth 3
SSL::cert mode request
SSL::renegotiate
}
}
when CLIENTSSL_HANDSHAKE {
HTTP::release
}
when HTTP_REQUEST_SEND {
clientside {
if { ([SSL::cert count] > 0) and (not [info exists InsCert])} {
HTTP::header insert "auth-cert" [X509::whole SSL::cert 0]]
set InsCert "OK"
}
}
}
when CLIENTSSL_CLIENTCERT {
set EncCert "OK"
}