Forum Discussion

fmartos_30060's avatar
fmartos_30060
Icon for Nimbostratus rankNimbostratus
Mar 18, 2010

Error: SSL hudfilter not reached or not in chain

hi,

 

 

we're using alankila iRule to authenticate users with an SC (http://devcentral.f5.com/Wiki/default.aspx/iRules/RequestClientCertificateAndPassToApplication.html), and I'm receiving this message in my log:

 

 

error: SSL_XXX_XX - Error: SSL hudfilter not reached or not in chain (line 1)

 

invoked from within "SSL::cert count" peer expression (line 8)

 

invoked from within "clientside {

 

Security: reject any user-submitted headers by our magic names.

 

HTTP::header remove "XX-XXXXX-Client-Cert"

 

HTT..."

 

 

Any suggestion?

3 Replies

  • Double check that you've got your SSL profile enabled on the virtual server.

     

    -Matt
  • Posted By L4L7 on 03/18/2010 5:31 AM

     

     

    Double check that you've got your SSL profile enabled on the virtual server.

     

    -Matt

     

     

    The VS has a clientssl type profile applied:

     

     

    profile clientssl XXXXXXXX {

     

    defaults from clientssl

     

    key "XXXXXXXXX.key"

     

    cert "XXXXXXXXX.crt"

     

    chain "XXXXXXXXXX.crt"

     

    }

     

  • Do you have non-SSL connections allowed on the client SSL profile attached tot he VIP? Your snippet doesn't show it, but that's one reason I can think of that the SSL filter wouldn't have been reached on a VIP with a client SSL profile enabled. Or are you disabling SSL in an iRule with SSL::disable?

     

     

    Aaron