Forum Discussion
Manuel_Gabaldon
Jul 05, 2006Nimbostratus
Alright, it is documented here:
http://devcentral.f5.com/Default.aspx?tabid=29&ArticleType=ArticleView&ArticleID=39&PageID=46
It's the "needcert"/"gotcert" approach, but by ,modifying it i have reduced it to a specific problem with the renegotiation part.
Even with this iRule, browsing fails
when HTTP_REQUEST {
if {[HTTP::uri] starts_with "/needcert" } {
log LOCAL0. "Requiring certificate..."
SSL::cert mode request
SSL::renegotiate
}
}
It seems that when renegotiating, it is unable to instruct the browsar to send a certificate.
We're planning to redirect to a second virtual server with another SSL profile as a workaround, but is unelegant, i guess.
Thanks for your help.