Forum Discussion
Brad_Parker_139
Feb 05, 2015Nacreous
Give this a try:
when HTTP_REQUEST {
if { [string toupper [HTTP::uri]] starts_with "/DEFG" }{
SSL::cert mode require
}
else {
SSL::cert mode request
}
}
I don't have a good place to test this but, this make me think it could work.
"the system stores the received peer certificate in the SSL session table, so the certificate is available to the specified iRule commands as long as the SSL session is valid. In previous releases, the CLIENTSSL_CLIENTCERT iRule event retrieved the peer certificate; now the stored certificate can also be retrieved inside the HTTP_REQUEST event."
https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx- jermc777_185784Feb 06, 2015NimbostratusI tried this but it did not seem to work. I set have my SSL profile to "request" then to "require" and I also tried to ignore in both of those statements above but the URL just hangs or is looking for a cert.