FORTIWEB HTTP-CONTENT-ROUTING - X509 certificate

rici1979 · ‎05-07-2024

2024-05-07 05:32:00 (PT)

Hi,
we have a Fortiweb with 7.42 version. I created a Server Policy with the http content routing enabled. I added a http content routing policy with the follow filter.

edit "/portale-vendita-ws"
set server-pool CaaS-Portal_PREPROD_Pool
set http-content-routing-id 4229995619192477237
config content-routing-match-list
edit 1
set match-object http-request
set match-condition match-reg
set match-expression /modulo-offerta-ws
next
edit 2
set match-object x509-certificate-Subject
set x509-subject-name CN
set match-expression client.it
set value-match-condition equal
next
end

When i try the client authentication (my client certificate has with CN parameter the value client.it) with the url xxx.xxx.it/modulo-offerta-ws/PortaleDelleVenditeSiti.wsdl appears the 500 error. If i remove the x509-subject-name CN filter this url works.

Thanks

Anthony_E · ‎05-09-2024

Hello Rici,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎05-14-2024

Hello Rici,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

emete_FTNT · ‎05-16-2024

Hi rici1979,

Please make sure the URL certificate is not enabled. It's not supported together with X509 match conditions in content routing.

Another reason you are probably getting this error is that the CN value does not match exactly. Could you please try regex as a match condition instead?