Forum Discussion
Hi,
Could you please explain the connection flow? The issue here is that the "CLIENTSSL_CLIENTCERT" event is triggered only when the client sends a certificate during an SSL handshake, not when sending the certificate inside an HTTP header with a GET/POST request.
Is the client trying to set up an SSL connection with the VS, or is he simply sending a certificate inside an HTTP request?
Many thanks,
karim
OK, if I understand well: your BIG-IP receives a certificate inside an HTTP header and you want to validate it. Your BIG-IP doesn't request the client certificate as part of the SSL handshake.
If the above is correct, then the event "CLIENTSSL_CLIENTCERT" is never triggered on your BIG-IP. You have to validate the certificate inside the HTTP_REQUEST event. Try the following:
    when HTTP_REQUEST {
        if { [HTTP::header exists "X-Client-Cert-Example"] } {
            # Decode the base64-encoded certificate carried in the header
            set cert_header [b64decode [HTTP::header "X-Client-Cert-Example"]]
            # Extract the subject DN and log it
            set subject_dn [X509::subject $cert_header]
            log local0. $subject_dn
            # You can add below all the tests you want about the certificate
        }
    }
Many thanks,
Karim
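
As an added example (not part of the original replies), the "tests you want" placeholder in the iRule above could be filled in along these lines. The issuer DN is a constructed sample value, and the checks only read certificate fields: they do not verify the signature chain or that the sender holds the private key.

```tcl
# Added example, not from the thread. The header name is the thread's
# placeholder; the issuer DN below is a constructed sample value.
when HTTP_REQUEST {
    set hdr "X-Client-Cert-Example"
    # Assumption: must match the exact string X509::issuer returns on your
    # system; log it once to confirm the format.
    set allowed_issuer "CN=Example Issuing CA,O=Example Corp,C=US"

    if { ![HTTP::header exists $hdr] } {
        HTTP::respond 403 content "Client certificate required"
        return
    }

    # Malformed base64 or a blob that is not a certificate can raise a Tcl
    # error; catch it so the request is rejected instead of aborting the iRule.
    if { [catch {
        set cert       [b64decode [HTTP::header $hdr]]
        set subject_dn [X509::subject $cert]
        set issuer_dn  [X509::issuer $cert]
        set not_before [clock scan [X509::not_valid_before $cert]]
        set not_after  [clock scan [X509::not_valid_after $cert]]
    } err] } {
        log local0. "Unparseable certificate in $hdr: $err"
        HTTP::respond 403 content "Invalid client certificate"
        return
    }

    # Field checks only: validity window, then expected issuer.
    set now [clock seconds]
    if { $now < $not_before || $now > $not_after } {
        log local0. "Certificate outside validity period: $subject_dn"
        HTTP::respond 403 content "Client certificate expired or not yet valid"
        return
    }
    if { $issuer_dn ne $allowed_issuer } {
        log local0. "Unexpected issuer '$issuer_dn' for $subject_dn"
        HTTP::respond 403 content "Client certificate issuer not allowed"
        return
    }

    log local0. "Accepted header certificate: $subject_dn"
}
```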