Forum Discussion
hooleylist
Aug 20, 2009Cirrostratus
You'll need to set the client SSL profile to ignore client certs. In the iRule, after examining the requested URI and finding a request to a restricted URI, you'll want to renegotiate the SSL handshake with the client and dynamically set the client SSL filter to request a client cert. You can do this using:
HTTP::collect
SSL::session invalidate
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode request
SSL::renegotiate
Make sure to include 'SSL::session invalidate' to force browsers to renegotiate a new SSL session ID. Not all versions of IE will do this otherwise.
Aaron