jondyke_46152
Jan 21, 2011

OCSP validation and thumbprint passing in header

I currently have a website set up that uses two mechanisms for logon. The first mechanism is just a user name and password that is validated against a database; the second mechanism is that the client can associate a client certificate (issued by an external party - Unipass) to their account so they do not have to enter their details each time. Currently we use a passthrough irule on this website, however I was wondering if it was possible to do the following:-

Get the F5 to offload and handle OCSP validation of the client certificate.

If the certificate is valid, put the thumbprint of the cert into the header that is sent on to the web server (the web server code then processes the thumbprint and checks against the account database).

If it is not valid, the F5 then redirects to an error page on a web server.

I am pretty sure that this must be achievable with irules, although the ones I have written are, to be fair, fairly basic, so any pointers on whether this is possible and how to go about this would be greatly appreciated.

Many Thanks,

Jon

 

2 Replies

  • Hi Jon,

    I think we discussed this issue here:

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/afv/topic/aft/1176761/aff/5/showtab/groupforums/Default.aspx

    Aaron
  • Hi Jon,

    Do you have any more details for Unipass certificate validation on the F5 side? This validation should happen in some rule?

    ~R