ltm rule command SSL authenticate

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



SSL::authenticate
       Overrides the current setting for authentication frequency or for the
       maximum depth of certificate chain traversal.

SYNOPSIS
       SSL::authenticate (once | always | (depth DEPTH))

DESCRIPTION
       Overrides the current setting for authentication frequency or for the
       maximum depth of certificate chain traversal.

       SSL::authenticate <"once" | "always">
           Valid in a client-side context only, this command overrides the
           client-side SSL connection's current setting regarding
           authentication frequency.

       SSL::authenticate depth DEPTH
           When the system evaluates the command in a client-side context,
           the command overrides the client-side SSL connection's current
           setting regarding maximum certificate chain traversal depth.
           When the system evaluates the command in a server-side context,
           the command overrides the server-side SSL connection's current
           setting regarding maximum certificate chain traversal depth.

RETURN VALUE
VALID DURING
       ANY_EVENT

EXAMPLES
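	when CLIENT_ACCEPTED {
	    set session_flag 0
	}
	when CLIENTSSL_HANDSHAKE {
	    # A client certificate was presented in this handshake:
	    # release any HTTP request held by HTTP::collect below.
	    if { [SSL::cert count] != 0 } {
	        log "Client cert is OK; releasing HTTP request."
	        HTTP::release
	    }
	}
	when HTTP_REQUEST {
	    if { [HTTP::uri] starts_with "/secure/" } {
	        log "Certificate required for: [HTTP::uri]"
	        if { [SSL::cert count] == 0 } {
	            log "No cert found. Holding HTTP request until a client cert is presented..."
	            # Hold the request while the connection is renegotiated.
	            HTTP::collect
	            set session_flag 1
	            # Override the authentication frequency and chain depth
	            # for this connection, require a client certificate,
	            # then renegotiate so the new settings take effect.
	            SSL::authenticate always
	            SSL::authenticate depth 9
	            SSL::cert mode require
	            SSL::renegotiate
	        }
	    } else {
	        # Tcl requires "else" on the same line as the closing brace.
	        log "No certificate needed for: [HTTP::uri]"
	    }
	}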

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.



BIG-IP				  2017-01-31			      iRule(1)