vADC Forum

N/A
Posts: 1
Registered: ‎11-29-2012
Accepted Solution

Verifying client CERT for a specific URL using traffic script

I need a traffic script rule to require the use of a client CERT for a specific path associated with a site, while not requiring client CERTs for other site URLs. The SSL decryption tab provides a straightforward approach to verify the client CERT for the entire site, but I only need this functionality for a specific URL. How do I check the client CERT being sent in the request against the client CERT stored on the Stingray?


$path = http.getPath();
if( string.startsWith( $path, "/search/search.ser" ) ) {
   $common_name = ssl.clientCertCommonName();
   $cert = ssl.clientCert();
   ?????


New Contributor
Posts: 2
Registered: ‎11-29-2012

Re: Verifying client CERT for a specific URL using traffic script

Hi,

Did you take a look at "ssl.requireCert"? Maybe you can try the following (not tested):


$path = http.getPath();
if( string.startsWith( $path, "/search" ) ) {
   if( ssl.clientSupportsSecureRenegotiation() ) {
      # Ask the client for a certificate on this path only
      ssl.requireCert();
      $common_name = ssl.clientCertCommonName();
      $cert = ssl.clientCert();
   } else {
      # Client cannot renegotiate securely, so no certificate can be requested
      http.sendResponse( 200, "text/plain",
         "Client cert required.", "" );
   }
}


Hope this works for you.
