Forum Discussion
James_Yang_9981
May 27, 2006Altostratus
Can we using SSL::profile to solve this issue?
the code may like this:
when HTTP_REQUEST {
if { [HTTP::uri] eq "/manual/" } {
SSL::profile cert_require_profile
SSL::renegotiate
} else {
SSL::cert mode ignore
log LOCAL0. "Other Pages"
}
}
with cert_require_profile, we can add CRL setting in it. so we can start with profile cert_ignor_profile that without CRL setting. if user access the "/menual/", then SSL::renegotiate will happen, when user submit client certificate, it will go through the CRL list.
I will test it later. any good idea?