CREDCO_17916
Apr 14, 2008
Thanks for the info.
I did try naming a default pool, but still no luck. Do you think I need a default pool even though I'm parsing the URI and choosing a pool within my iRule? When I hit the virtual in my browser, I don't get any error (404, 403.7 Client Cert Required, etc.); however, in my IIS logs I do see 403.7 errors. As you can see, I've added all sorts of logging, and all the variable values seem to be OK as I'm watching the LTM log. I wonder if I'm not inserting all the necessary data into the HTTP headers.
when CLIENTSSL_CLIENTCERT {
    log local0. "==========================="
    log local0. "<>"
    # Time to maintain session data (in seconds)
    set session_timeout 300
    # Two-item list: index 0 = client cert, index 1 = verification error string
    set ssl_stuff [list anything1 anything2]
    set ssl_cert [SSL::cert 0]
    set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
    set ssl_id [SSL::sessionid]
    set subject_dn [X509::subject [SSL::cert 0]]
    log local0. "SSL Error is: $ssl_errstr"
    lset ssl_stuff 0 $ssl_cert
    lset ssl_stuff 1 $ssl_errstr
    log local0. "SSL ID is: $ssl_id"
    log local0. "The timeout is set to: $session_timeout"
    log local0. "Client cert received: $subject_dn"
    # Store the cert data in the session table, keyed by the SSL session ID
    session add ssl $ssl_id $ssl_stuff $session_timeout
    log local0. "SSL Cert ID is $ssl_cert"
    log local0. "SSL Stuff is $ssl_stuff"
    log local0. "SSL errstr is $ssl_errstr"
}
when HTTP_REQUEST {
    # Retrieve certificate information from the session table.
    # Only two items were stored above: index 0 is the cert, index 1 the error string
    # (the variable name must be dereferenced with $ for lindex to see the list).
    set sslList [session lookup ssl [SSL::sessionid]]
    set stored_cert [lindex $sslList 0]
    set stored_errstr [lindex $sslList 1]
    log local0. "Value of ssllist is $sslList"
    if { [HTTP::uri] contains "listener" } {
        set ssl_cert2 $stored_cert
        set ssl_errstr2 $stored_errstr
        log local0. "URI value is [HTTP::uri]"
        log local0. "Value of ssl_errstr2 is $ssl_errstr2"
        log local0. "Value of SSL Cert2 is $ssl_cert2"
        # Only insert the headers when the session table actually held a cert;
        # X509::serial_number on an empty value raises a runtime error.
        if { $ssl_cert2 ne "" } {
            HTTP::header insert SSLClientCertStatus $ssl_errstr2
            HTTP::header insert SSLClientCertSN [X509::serial_number $ssl_cert2]
            log local0. "HTTP headers have been inserted"
        } else {
            log local0. "No client cert found in session table for [SSL::sessionid]"
        }
        pool CCJAVABETA_TEST
    } elseif { [HTTP::uri] contains "secondaryuse" } {
        pool CCJAVABETA_EM_TEST
    }
}
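The pattern in the post (cache client-cert details in a session table keyed by SSL session ID, then turn them into backend headers on each HTTP request) is modelled below in Python as an added example; it is not F5 code and not the poster's iRule. The store, the `on_client_cert` / `on_http_request` functions, the constructed sample values and the 300-second timeout are all assumptions made for the illustration. Beyond what the post shows, it keeps the cached data as a named dict rather than a positional list (so there is no index mix-up between what was stored and what is read back), skips the identity headers when the session table has no cert for that session instead of failing, and strips any `SSLClientCert*` headers a client sends itself, since a backend that authenticates on those headers must only ever see values written by the proxy.

```python
import time
from typing import Dict, List, Optional, Tuple

# Header names are the ones the posted iRule inserts toward the backend.
CERT_HEADERS = ("SSLClientCertStatus", "SSLClientCertSN")
_CERT_HEADERS_LOWER = {h.lower() for h in CERT_HEADERS}

# Pool names come from the posted iRule; the URI routing mirrors its elseif chain.
POOL_LISTENER = "CCJAVABETA_TEST"
POOL_SECONDARY = "CCJAVABETA_EM_TEST"

Header = Tuple[str, str]


class CertSessionStore:
    """Toy model of `session add ssl <id> <data> <timeout>` / `session lookup ssl <id>`
    (hypothetical; real LTM session-table semantics are not reproduced)."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[dict, float]] = {}

    def add(self, ssl_id: str, info: dict, timeout_s: float, now: Optional[float] = None) -> None:
        now = time.time() if now is None else now
        self._entries[ssl_id] = (dict(info), now + timeout_s)

    def lookup(self, ssl_id: str, now: Optional[float] = None) -> Optional[dict]:
        now = time.time() if now is None else now
        entry = self._entries.get(ssl_id)
        if entry is None:
            return None
        info, expires_at = entry
        if now >= expires_at:          # expired: behave as if nothing was stored
            del self._entries[ssl_id]
            return None
        return info


def on_client_cert(store: CertSessionStore, ssl_id: str, verify_error: str,
                   subject_dn: str, serial: str, timeout_s: float = 300,
                   now: Optional[float] = None) -> None:
    """CLIENTSSL_CLIENTCERT equivalent: cache what the backend will need, by name."""
    store.add(ssl_id, {"errstr": verify_error, "subject": subject_dn, "serial": serial},
              timeout_s, now)


def on_http_request(store: CertSessionStore, ssl_id: str, uri: str,
                    headers: List[Header], now: Optional[float] = None
                    ) -> Tuple[Optional[str], List[Header]]:
    """HTTP_REQUEST equivalent: returns (pool, headers to send to the backend)."""
    # Never forward client-supplied copies of the identity headers: the backend
    # trusts these names, so only values written here may reach it.
    out = [(k, v) for k, v in headers if k.lower() not in _CERT_HEADERS_LOWER]

    if "listener" in uri:
        info = store.lookup(ssl_id, now)
        if info is not None:
            out.append(("SSLClientCertStatus", info["errstr"]))
            out.append(("SSLClientCertSN", info["serial"]))
        # No cert cached for this SSL session (none presented, or cache expired):
        # the headers stay absent and the backend treats the request as unauthenticated.
        return POOL_LISTENER, out
    if "secondaryuse" in uri:
        return POOL_SECONDARY, out
    return None, out  # no matching branch: same as the iRule without a default pool


if __name__ == "__main__":
    # Constructed sample run: handshake at t=1000, request at t=1100, then after expiry.
    store = CertSessionStore()
    on_client_cert(store, "sess-1", "ok", "CN=alice", "1A2B", now=1000)
    pool, hdrs = on_http_request(store, "sess-1", "/svc/listener",
                                 [("Host", "app.example"), ("SSLClientCertSN", "spoofed")],
                                 now=1100)
    print(pool, hdrs)
    print(on_http_request(store, "sess-1", "/svc/listener", [("Host", "app.example")], now=1400))
```

Worth noting for the 403.7 symptom in the post: a request whose SSL session has no cached entry (for example a resumed session that never triggered `CLIENTSSL_CLIENTCERT`, or an expired table entry) arrives at the backend with no identity headers at all, and in this model that is visible as the headers simply being absent rather than as an iRule runtime error.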