Forum Discussion
NimbostratusCan iRule see the issuer of CN and authorize SSL_Profile? (BIG-IP LTM 1600 ver10.2.2-HF3)
Currently, the users are authorized by BIG-IP with its client certificate that self Certifacation Authority server distributed. Configuration in WebUI: go to "ssl_cilent_profile" in Client SSL Profile name and choosed "client-ca" as this CA root certificate on Trusted Certificate Authorities.
With replacing CA server this time, I have changed the configuration. I made a "ssl_cilent_profile_new" in Client SSL Profile name, and then specified "client-ca-new" as a new CA root certificate.
For the time being, this new one and the old one will stay together. During this temporaliy period, I would like BIG-IP to authorize the client certifacate distributed by a new CA server as well without changing the URL of Virtual Server. Is there any way to make this, such asu identifying the issuer name by CN and determine if it can authorize or not? Is it possible to make iRule authorize the client certificate with its issuer name like SSL_Profile "ssl_cilent_profile_new"?
2 Replies
Yamto_NIEDA_998My question is simply if the iRule can work to identify two different client cert by CN issuer name? I'd appreciate it if anyone could give me an advice for this iRule use. Thanks in advance!- nitass
Employee
