ashbeyk_127079
Sep 26, 2005Nimbostratus
Cant set advertised cert authorities
I have a rule which decides whether to request a cert depending on the URL requested.
The client Authentication section of the Client SSL profile is set to "Ignore" and the iRule contains:
if {($need_cert == 1) && ($have_cert == 0)} {
HTTP::collect
log local0. "Cert required, sent renegotiate"
SSL::cert mode require
SSL::renegotiate
This works OK but I now want to set the "Advertised Certificate Authorities" to only prompt the client for certs generated from a specific authority. The GUI doesnt let me set this unless I change the Client Certificate field to "Auto". I then get prompted for a client cert for every connection. I tried setting SSL::cert mode ignore in the CLIENT_ACCEPTED event but the command isnt valid here. Is there a way round this?