Product Documentation

Configuring User-Defined Actions for SSL Policies

Sep 05, 2013
SSL policies require that you create an action before creating a policy, so that you can specify the actions when you create the policies. In SSL default syntax policies, you can also use the built-in actions. For more information about built-in actions, see Configuring Built-in SSL Actions.

To configure an SSL action by using the command line interface

At the command prompt, type the following commands to configure an action and verify the configuration:

  • add SSL action <name> -clientAuth(DOCLIENTAUTH | NOCLIENTAUTH) -clientCert (ENABLED | DISABLED) certHeader <string> -clientHeader <string> -clientCertSerialNumber (ENABLED | DISABLED) -certSerialHeader <string> -clientCertSubject (ENABLED | DISABLED) -certSubjectHeader <string> -clientCertHash (ENABLED | DISABLED) -certHashHeader <string> -clientCertIssuer (ENABLED | DISABLED) -certIssuerHeader <string> -sessionID (ENABLED | DISABLED) -sessionIDheader <string> -cipher (ENABLED | DISABLED) -cipherHeader <string> -clientCertNotBefore (ENABLED | DISABLED) -certNotBeforeHeader <string> -clientCertNotAfter (ENABLED | DISABLED) -certNotAfterHeader <string> -OWASupport (ENABLED | DISABLED)
  • show ssl action [<name>]

Example

 
> add ssl action Action-SSL-ClientCert -clientCert ENABLED -certHeader "X-Client-Cert" 
 Done 
> show ssl action Action-SSL-ClientCert 
1)      Name: Action-SSL-ClientCert 
         Data Insertion Action: 
        Cert Header: ENABLED            Cert Tag: X-Client-Cert 
 Done

To configure an SSL action by using the configuration utility

Navigate to Traffic Management > SSL > Policies and, on the Actions tab, click Add.