When a client certificate is sent in an HTTP request, you can see the escaped client certificate in the header added by a DataScript or an HTTP policy.

Using DataScript

Attach a DataScript as follows:

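-- Get the client certificate in escaped form
escaped_cert = avi.ssl.client_cert(avi.CLIENT_CERT_ESCAPED)
-- Write it to the virtual service logs
avi.vs.log(escaped_cert)
-- Add it to the request as the header escaped_client_cert
avi.http.add_header("escaped_client_cert", escaped_cert)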

Send HTTPS request as follows:

sudo curl -vvv -k https://100.64.216.200:443 --cert /root/client/ssl_certs/client_auth_cert_1.pem --key /root/client/ssl_certs/client_auth_key_1.key 

You will see an escaped certificate in the virtual service logs and headers.

Remove the DataScript and send the request again. The escaped certificate no longer appears in the logs or headers.

  • Attach an HTTP request policy in a virtual service.

  • Add an action rule of type Modify Header and select the Add Header option.

  • In Add Header, specify the header name and select the SSL Client Cert Escaped option for the header value.

  • Send an HTTP/HTTPS request from the client. The logs header displays the escaped certificate details.

  • Remove the rule and send the traffic again. There must not be any escaped certificate in the logs header.
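
To check that the header carries the certificate the client actually presented, a backend can decode the escaped_client_cert value and compare its SHA-256 fingerprint with the one of the client certificate file. The following is an added example, not code from the original page or from the product; it assumes the escaped value is the percent-encoded PEM certificate, and the function names and the sample input (placeholder bytes, not a real certificate) are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

PEM_HEAD = "-----BEGIN CERTIFICATE-----"
PEM_TAIL = "-----END CERTIFICATE-----"


def der_from_escaped_header(value: str) -> bytes:
    """Percent-decode the header value and return the DER bytes of the PEM body."""
    pem = unquote(value).strip()
    if not (pem.startswith(PEM_HEAD) and pem.endswith(PEM_TAIL)):
        raise ValueError("header does not contain a PEM certificate")
    body = pem[len(PEM_HEAD):-len(PEM_TAIL)]
    # The PEM body is base64 split over lines; drop all whitespace first.
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    if not der:
        raise ValueError("PEM body is empty")
    return der


def fingerprint(value: str) -> str:
    """SHA-256 fingerprint (hex) of the certificate carried in the header."""
    return hashlib.sha256(der_from_escaped_header(value)).hexdigest()


def make_sample_header(der: bytes) -> str:
    """Constructed sample input: wrap bytes as PEM, then percent-encode
    them the way the header is assumed to carry them."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join([PEM_HEAD, *lines, PEM_TAIL, ""])
    return quote(pem, safe="")


if __name__ == "__main__":
    # Constructed placeholder bytes, not a real certificate.
    sample = make_sample_header(b"constructed placeholder, not a real certificate")
    print(sample[:60] + "...")
    print(fingerprint(sample))
```

The fingerprint can be compared with the output of openssl x509 -noout -fingerprint -sha256 run against the client certificate file, after removing the colons and lowercasing the hex digits.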