Forum Discussion

Alexander_Bussh's avatar
Alexander_Bussh
Icon for Nimbostratus rankNimbostratus
Dec 16, 2008

Get Client Cert in SSL Session

Hi

 

 

I hope some can help me. I have some simple questions. I don’t have access to a F5 at the moment to try it.

 

 

With the following function I can get the client certificate from the SSL session, right?

 

SSL::cert - Returns X509 SSL certificate data.

 

 

Can I add the data into an http header? What kind of format has this data?

 

 

Is it possible to get the client certificate data when ever I want it? I mean is the Client Certificate available over the whole SSL Session, or is it only available at SSL session start?

 

 

I need this information for the application developer.

 

 

What I wanna do is …

 

I have an SSL session to the F5. The F5 makes SSL offloading. The client authenticates itself via Client Certificate.

 

For some reason we have to switch to another Web service. The Web services needs the User Certificate to know the user identity. I want to insert this certificate in a HTTP Header.

 

 

Cheers

 

Alexander

 

application delivery
dev
devops
iRules

1 Reply

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 16, 2008
    Hi Alexander,

     

     

    You can certainly insert the client cert in a header. You can save the cert in the LTM session table and then reference it using the client's SSL session ID. Try searching this forum for 'client cert header' for some examples. There is also a Codeshare example (Insert Client Cert in Server Headers Click here). You can get details on the various commands from the iRules wiki (SSL:: Click here, X509:: Click here).

     

     

    Reply here if you have any questions on what you find.

     

     

    Aaron