- hooleylist (Cirrostratus): Hi,
- psor_73734 (Nimbostratus): Aaron,
- hooleylist (Cirrostratus): It would be good to upgrade to the latest 9.4.x version, 9.4.7, as there have been a number of important fixes since 9.4.4. For OCSP validation of the client cert, there is a default OCSP verification iRule provided. You can reference that for ideas to start with. Once I have a working version I can post that as well.
- psor_73734 (Nimbostratus): I understand what you mean, but if I use request mode, clients will always be prompted to present a client certificate for the entire site... that's not what I want.
- hooleylist (Cirrostratus): You'll need to set the client SSL profile to ignore client certs. In the iRule, after examining the requested URI and finding a request to a restricted URI, you'll want to renegotiate the SSL handshake with the client and dynamically set the client SSL filter to request a client cert. You can do this using:
- psor_73734 (Nimbostratus): I will try it.
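
The approach described in the thread (client SSL profile ignoring client certificates, with renegotiation triggered only for restricted URIs), written as an added iRule example that is not code from either poster. The `/restricted` prefix and the verification depth of 9 are assumptions for illustration.

```tcl
# Added example, not from the thread.
# Assumes the client SSL profile is set to ignore client certificates and
# that "/restricted" (hypothetical) is the prefix that needs a client cert.

when HTTP_REQUEST {
    # Lower-case the path so a request for /Restricted does not skip the check
    if { [string tolower [HTTP::path]] starts_with "/restricted" } {
        # Only renegotiate if this connection has not presented a cert yet
        if { [SSL::cert count] == 0 } {
            # Hold the HTTP request until the new handshake has finished
            HTTP::collect
            # Switch this connection from "ignore" to "require" and
            # validate the chain against the profile's trusted CAs
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            SSL::renegotiate
        }
    }
}

when CLIENTSSL_CLIENTCERT {
    # Runs when the client sends a certificate during the renegotiation.
    # Release the held request only if the certificate verified cleanly.
    if { [SSL::cert count] > 0 && [SSL::verify_result] == 0 } {
        HTTP::release
    } else {
        reject
    }
}
```

Requests outside the restricted prefix never trigger the renegotiation, so clients browsing the rest of the site are not prompted for a certificate.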