How to Insert SSL Client Certificate Information into the HTTP Header using the Rewrite feature on NetScaler


Article ID: CTX114461


Description

This article describes how to insert SSL Client Certificate information into the HTTP headers using the Rewrite feature on a NetScaler appliance. Client Certificate Subject information is used as an example.

When a NetScaler appliance performs SSL offload, the Client Certificate is not passed on to the backend servers. If the server requires information from the Certificate to verify or track the client, this information is not available.

Using the Rewrite feature, Client Certificate information can be inserted into the HTTP headers before it is forwarded to the servers.

 


Instructions

To insert SSL Client Certificate information into the HTTP headers using the Rewrite feature on a NetScaler appliance, complete the following procedure:

  1. Expand the Rewrite node from the Configuration utility.

  2. Select the Action node.

  3. Click Add.

  4. Specify a name for the action and select INSERT_HTTP_HEADER as the Type.

  5. In the Header Name field specify the name of the HTTP Header to be inserted.

  6. In the String expression for header value field specify the expression.

    For example: CLIENT.SSL.CLIENT_CERT.SUBJECT.VALUE("")


  7. Click Create to save the action.

  8. Select Rewrite > Policy.

  9. Click Add.

  10. Specify a name in the Name field.

  11. Select the appropriate action.

  12. Add the Policy Expression.

  13. Click Create to save this policy.

  14. Click Bindings to bind the policy at a global level.

  15. Select the appropriate Type.

  16. Select active next to the policy to bind the policy and configure the appropriate priority.

    Or

    Bind the policy to a specific virtual server in the Policies tab.

To insert SSL Client Certificate information into the HTTP headers using the Rewrite feature from the command line interface of the appliance, run the following commands:

    add rewrite action <action name> insert_http_header <HeaderName> "CLIENT.SSL.CLIENT_CERT.SUBJECT.VALUE(\"CN\")"
    add rewrite policy <policy name> TRUE <action name>
    bind rewrite global <policy name> <priority> <GoToPriorityExpression (such as END)> -type <type>

-Or-

    bind lb vserver <vserver name> -policyName <policy name> -priority <positive integer> -gotoPriorityExpression <expression> -type REQUEST
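
For the backend server that reads the inserted header to verify or track the client, the check below is an added example, not part of the Citrix article: it accepts the value only when the request arrives from the appliance and the header appears exactly once. The header name X-Client-Cert-CN, the appliance address 192.0.2.10 and the names client_cn and CertHeaderError are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this example (not from the article): the header name chosen
# in the rewrite action, and the address the appliance uses to reach the backend.
CERT_HEADER = "X-Client-Cert-CN"
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # constructed address


class CertHeaderError(Exception):
    """Raised when the certificate header cannot be trusted."""


def client_cn(peer_ip, headers):
    """Return the certificate CN asserted by the appliance for this request.

    peer_ip -- source address of the TCP connection to the backend
    headers -- list of (name, value) pairs exactly as received
    """
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_PROXIES):
        # A request that did not pass through the appliance carries no
        # certificate identity, whatever its headers say.
        raise CertHeaderError("certificate header from untrusted peer")

    values = [v.strip() for n, v in headers if n.lower() == CERT_HEADER.lower()]
    if len(values) != 1:
        # Zero copies: no value was inserted for this request.
        # Several copies: the inserted value cannot be told apart from a
        # value supplied by the client, so none of them is used.
        raise CertHeaderError(f"expected exactly one {CERT_HEADER}, got {len(values)}")

    cn = values[0]
    if not cn or any(ord(c) < 0x20 or ord(c) == 0x7F for c in cn):
        raise CertHeaderError("empty or malformed CN value")
    return cn
```

The function expects the raw header list, before any framework merges repeated headers into one comma-separated value.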


Additional Information

For configuration utility changes in NetScaler 10.1, refer here.

There are several methods to insert the CLIENT_SSL information into the HTTP Headers other than the Client Certificate Subject example in this article.

Configuring SSL-Based Header Insertion