Forum Discussion
DecDawkins_3864
Nimbostratus
NimbostratusBase64 decode certificate in header help
Hi!
Looking for some help on using the b64decode option within my irule, to decode an incoming client certificate which has been base64 encoded in a custom HTTP header.
I currently have the clie...
Kai_Wilke
MVP
MVPHi DecDawkins,
you can not perform a full certificate validation based on such HTTP-Header. All you can do is to extract some certificate fields.
when HTTP_REQUEST {
if { [HTTP::header value "X-Client-Cert-Example"] ne "" } then {
log local0.debug "Certificate HTTP header detected. X-Client-Cert-Example = [HTTP::header value "X-Client-Cert-Example"]"
if { [catch {
log local0.debug "Trying to b64decode the certificate HTTP header..."
set header_certificate [b64decode [HTTP::header value "X-Client-Cert-Example"]]
log local0.debug "... successfully b64decoded the certificate HTTP header."
}] } then {
log local0.debug "... failed to b64decode the certificate HTTP header."
return
}
if { [catch {
log local0.debug "Trying to extract X509 certificate information..."
set subject_name [X509::subject $header_certificate]
set issuer_name [X509::issuer $header_certificate]
log local0.debug "... successfully extracted Subject = \"$subject_name\" from CA = \"$issuer_name\"."
}] } then {
log local0.debug "... failed to extract Subject and CA values from the certificate."
}
}
}
Note: Unless you are using a very old TMOS version, you should not continue to use those
. They are not CMP-compliant and forcing your Virtual Server to run just on a single CPU-core. Check out support article K13033 for further information.$::variables
K13033: Constructing CMP-compatible iRules
https://support.f5.com/csp/article/K13033
Cheers, Kai
