F5 requires certificates for other URI paths
Hi,
We have our virtual server almost ready to be tested by our teams' consumers but we are running into this issue lately.
In Local Traffic ›› Profiles : Protocol : HTTP Class ›› ddTestHTTPClass I have:
host name = collector.api.devabcdcentral.com
Match Only URI paths (pattern string) = /collector/items*
So, a curl of this type works, but a simple health check on the resource also asks for certificates, which is not what we want:
curl -i https://collector.api.devabcdcentral.com/collector/items -F filedata=@abcd.txt -v --key certs/key.pem --cacert certs/ca.pem --cert certs/client.pem
Is there a way to configure requiring certificates only for a particular URI path?
Output for configured service requiring certificate -
$ curl -i https://collector.api.devabcdcentral.com/collector/items -F filedata=@abcd.txt -v --key certs/key.pem --cacert certs/ca.pem --cert certs/client.pem
* About to connect() to collector.api.devabcdcentral.com port 443 (0)
* Trying 10.162.143.19...
* connected
* Connected to collector.api.devabcdcentral.com (10.162.143.19) port 443 (0)
Enter PEM pass phrase:
* successfully set certificate verify locations:
* CAfile: certs/ca.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: C=US; ST=Missouri; L=Kansas CIty; O=ABCD Corporation; CN=*.api.devabcdcentral.com
* start date: 2013-02-25 17:23:45 GMT
* expire date: 2015-02-26 00:57:04 GMT
* subjectAltName: collector.api.devabcdcentral.com matched
* issuer: C=US; O=Entrust, Inc.; OU=www.entrust.net/rpa is incorporated by reference; OU=(c) 2009 Entrust, Inc.; CN=Entrust Certification Authority - L1C
* SSL certificate verify ok.
POST /collector/items HTTP/1.1
User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Host: collector.api.devabcdcentral.com
Accept: /
Content-Length: 5370
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------ae2563cae974
< HTTP/1.1 100 Continue
HTTP/1.1 100 Continue
< HTTP/1.1 201 Created
HTTP/1.1 201 Created
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Content-Length: 0
Content-Length: 0
< Date: Tue, 17 Sep 2013 16:08:43 GMT
Date: Tue, 17 Sep 2013 16:08:43 GMT
<
* Connection 0 to host collector.api.devabcdcentral.com left intact
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
Output for health check that requires certificate -
$ curl https://collector.api.devabcdcentral.com/collector/health -v
* About to connect() to collector.api.devabcdcentral.com port 443 (0)
* Trying 10.162.143.19...
* connected
* Connected to collector.api.devabcdcentral.com (10.162.143.19) port 443 (0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
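Added example, not part of the original post: a short Python script that reads the handshake messages from the two curl traces above and reports that the server sends a certificate request (13) in both, and that the /collector/health attempt fails before any HTTP request line appears. The names `summarize`, `COMMON`, `TRACE_ITEMS` and `TRACE_HEALTH` are made up for this illustration; the trace strings are shortened copies of the post's output.

```python
import re

# Constructed sample input: handshake lines copied from the post's two curl -v
# traces (change-cipher lines omitted). The first seven messages are identical.
COMMON = """\
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
"""
TRACE_ITEMS = COMMON + """\
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
POST /collector/items HTTP/1.1
"""
TRACE_HEALTH = COMMON + """\
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
"""

HANDSHAKE = re.compile(r"TLS handshake, .+ \((\d+)\):")   # curl's "(type)" suffix
REQUEST_LINE = re.compile(r"^(?:> )?[A-Z]+ (\S+) HTTP/\d")  # e.g. "POST /path HTTP/1.1"

def summarize(trace):
    """Classify one curl -v trace by the TLS handshake message types it shows."""
    types, path, failed = [], None, False
    for line in trace.splitlines():
        m, r = HANDSHAKE.search(line), REQUEST_LINE.match(line)
        if m:
            types.append(int(m.group(1)))
        elif "alert handshake failure" in line:
            failed = True
        elif r and path is None:
            path = r.group(1)
    return {
        "cert_requested": 13 in types,     # server sent CertificateRequest
        "client_proved_key": 15 in types,  # client sent CertificateVerify
        "handshake_failed": failed,
        "request_path": path,              # None: no HTTP request was ever sent
    }

if __name__ == "__main__":
    for name, trace in (("items", TRACE_ITEMS), ("health", TRACE_HEALTH)):
        print(name, summarize(trace))
```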