May 05, 2017
Your iRule fails because the variable
$subject_dn
doesn't exist when the client doesn't send a client certificate. This iRule should work:
# Initialisation event: defines the rule-wide debug switch.
when RULE_INIT {
    # 1 enables the "Client Certificate received" log line written in
    # CLIENTSSL_CLIENTCERT; set to 0 to silence it.
    set static::debug 1
}
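# Captures the subject DN of the client's leaf certificate for later routing.
# subject_dn is defined only when a certificate with a non-empty subject was
# presented, because HTTP_REQUEST uses [info exists subject_dn] to decide
# whether a certificate was supplied.
when CLIENTSSL_CLIENTCERT {
    # Drop a DN left over from an earlier handshake on this connection so a
    # later handshake without a certificate cannot reuse it.
    unset -nocomplain subject_dn

    # Read certificate 0 only when the client actually sent one.
    if { [SSL::cert count] > 0 } {
        set dn [X509::subject [SSL::cert 0]]
        if { $dn ne "" } {
            set subject_dn $dn
            # The DN is client-supplied text; it is logged only in debug mode.
            if { $static::debug } { log "Client Certificate received: $subject_dn" }
        }
    }
    # NOTE(review): a DN being present does not mean the chain validated.
    # Whether unverified certificates can reach this point depends on the
    # client SSL profile's client-certificate mode - confirm before treating
    # subject_dn as an authenticated identity.
}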
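# Records whether the client presented a certificate that passed validation.
# clientCRT is 1 only for a present, successfully verified certificate.
when CLIENTSSL_HANDSHAKE {
    # SSL::verify_result is 0 on successful validation and a non-zero X509
    # error code otherwise, so compare against 0 explicitly ("!0" evaluates
    # to 1 and would match an error code instead of success).
    if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
        set clientCRT 1
    } else {
        set clientCRT 0
        # Do not let a DN taken from a missing or unverified certificate
        # drive the per-client redirect in HTTP_REQUEST.
        unset -nocomplain subject_dn
    }
}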
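# Sends each client to the page that belongs to its certificate's CN, or to
# /Certmissing.html when no subject DN was captured for this connection.
when HTTP_REQUEST {
    if { [info exists subject_dn] } {
        # Empty target means "no matching CN": the request passes through
        # unchanged, as it did before.
        set target ""
        # NOTE(review): these are substring globs, so "*CN=Vinit-A*" also
        # matches subjects such as CN=Vinit-AB or a DN that merely contains
        # that text in another attribute. Tighten the patterns to the exact
        # DN format issued by the CA before relying on them for access
        # decisions.
        switch -glob -- $subject_dn {
            "*CN=Vinit-A*" { set target "/vinit-A.html" }
            "*CN=Vinit-B*" { set target "/vinit-B.html" }
            "*CN=Vinit-C*" { set target "/vinit-C.html" }
        }
    } else {
        set target "/Certmissing.html"
    }

    # Redirect only when the client is not already asking for its page;
    # otherwise the redirected request would be redirected again, forever.
    if { $target ne "" && [HTTP::path] ne $target } {
        HTTP::redirect $target
    }
    # NOTE(review): this event trusts subject_dn as set during the handshake.
    # Confirm that the handshake events (or the client SSL profile) reject
    # certificates whose SSL::verify_result is non-zero.
}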