Forum Discussion
Goran_Blomquis1
Oct 15, 2009Nimbostratus
Hi,
The result was that certificate info never reached the backend server (if I rember it right). Problem are solved and I use an I-rule looking something like this.
when CLIENTSSL_CLIENTCERT {
HTTP::release
if { [SSL::cert count] < 1 } {
reject
}
}
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/manual" } {
if { [SSL::cert count] <= 0 } {
HTTP::collect
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
SSL::renegotiate
}
}
}
when HTTP_REQUEST_SEND {
clientside {
if { [HTTP::uri] starts_with "/manual" } {
if { [SSL::cert count] > 0 } {
HTTP::header replace X-Client-Cert [b64encode [SSL::cert 0]]
}
}
}
}