Tom_Lebel_53961
Jul 07, 2006 Nimbostratus
need a rule to force client certs
I am in an odd dilemma. I need to write an iRule to do the same thing as the 'require' setting does for client certs.
The problem exists because I need to require client certs by regulation, and one of the applications uses Sun's JVM version 1.4.2_xx. It works off of an Oracle 10g IAS server (release 1). The 10g server at this release cannot use the 1.5 version of the JVM. The 1.4.2 version has a bug in it (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4480333).
The bug is it basically can't do client certs. The 1.5 version fixed this bug.
I want to set an iRule that makes the user present a cert at the first entry to the session, then not worry about it if that session is still in existence. If they fail to present a cert, do an HTTP::redirect.
Here's what I'm starting with, am I on the right track?
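when HTTP_REQUEST {
    # SSL::verify_result returns a numeric X509 verify code; 0 is the "ok" result
    if { [SSL::verify_result] == 0 } {
        # Record that a verified client cert was received
        set SSL_cert "recvd"
    } else {
        # Verification did not succeed: send the client to another page
        HTTP::redirect "https://someotherpage.com/"
    }
}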