When sending a client certificate in an HTTP request, you can see the escaped client certificate in the DataScript/HTTP policy header.
Using DataScript
Attach a DataScript as follows:
escaped_cert = avi.ssl.client_cert(avi.CLIENT_CERT_ESCAPED)
avi.vs.log(escaped_cert)
avi.http.add_header("escaped_client_cert", escaped_cert)
Send an HTTPS request as follows:
sudo curl -vvv -k https://100.64.216.200:443 --cert /root/client/ssl_certs/client_auth_cert_1.pem --key /root/client/ssl_certs/client_auth_key_1.key
You will see an escaped certificate in the virtual service logs and headers.
Remove the DataScript and send the request again. The certificate no longer appears in the logs or headers.
Attach an HTTP request policy in a virtual service.
Add an action rule of type Modify Header and select Add Header option.
In Add Header, specify the header name and select SSL Client Cert Escaped option for the header value.
Send an HTTP/HTTPS request from the client. The logs header displays the escaped certificate details.
Remove the rule and send the traffic again. There must not be any escaped certificate in the logs header.
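How a backend might consume the header added above, as an added example that is not part of the original page or the product's own code. It assumes the escaped value is a percent-encoded PEM certificate, uses the header name escaped_client_cert from the DataScript, and refuses requests that carry the header more than once; the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import quote, unquote

HEADER = "escaped_client_cert"  # header name set by the DataScript above
PEM_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
    r"\s*-----END CERTIFICATE-----\s*\Z"
)

# Constructed sample: a 5-byte DER placeholder, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_HEADER = quote(SAMPLE_PEM, safe="")  # assumed escaping: percent-encoding
SAMPLE_FP = hashlib.sha256(SAMPLE_DER).hexdigest()


def cert_fingerprint(headers):
    """Return the SHA-256 hex fingerprint of the forwarded certificate.

    `headers` is a list of (name, value) pairs as received by the backend.
    Raises ValueError when the header is absent, repeated or malformed.
    """
    values = [v for k, v in headers if k.lower() == HEADER]
    if len(values) != 1:
        # More than one copy means something other than the load balancer
        # also set the header; refuse rather than pick one.
        raise ValueError(f"expected one {HEADER} header, got {len(values)}")
    pem = unquote(values[0])  # unquote keeps '+', unlike unquote_plus
    match = PEM_RE.match(pem)
    if not match:
        raise ValueError("header does not hold a single PEM certificate")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if not der.startswith(b"\x30"):  # X.509 DER is an ASN.1 SEQUENCE
        raise ValueError("decoded body is not DER")
    return hashlib.sha256(der).hexdigest()


def is_allowed(headers, allowed_fingerprints):
    """True only if the forwarded certificate is on the allowlist."""
    try:
        return cert_fingerprint(headers) in allowed_fingerprints
    except ValueError:  # also covers base64 decoding errors
        return False
```

The backend should accept this header only on connections that come from the load balancer, since any direct client could otherwise supply the header itself.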