Forum Discussion

AwesomeNetwork1
Aug 31, 2017

capturing the CN from a X509 subject

I found iRules for capturing the X509::subject, but I need to capture the CN and insert it into an HTTP::header. It looks like I can do that with the subject. Any idea on how (if possible) I can isolate just the CN from the X509 subject?

5 Replies

  • Hi,

    if you have the subject stored in variable subject, use the following code:

    # split the subject into its RDNs and take the value of the first one that starts with CN=
    set subject_element [split $subject ","]
    foreach value $subject_element {
        if {[string first "CN=" $value] >= 0} {
            set CN [string range $value [expr {[string first "=" $value] + 1}] end]
            break
        }
    }

    or

    # split on both "," and "=" so the list alternates attribute name / value
    array set fields [split $subject ",="]

    the CN is then stored in $fields(CN)

  • Hi

    You can use this to retrieve the CN from the subject

    set subject [X509::subject [SSL::cert 0]]
    set fields [split $subject ","]
    log local0. [lindex $fields 0] ;# this will show you in the /var/log/ltm the CN=host.domain.com

    Regards

  • Will this code below assign the cert CN to a value CN?

    when CLIENTSSL_CLIENTCERT {
        set debug 0
        if {[SSL::cert 0] eq ""} {
            reject
        } else {
            set ssl_cert [SSL::cert 0]
            set subject [X509::subject [SSL::cert 0]]
            set subject_element [split $subject ","]
            foreach value $subject_element {
                if {[string first "CN=" $value] >= 0} {
                    set CN [string range $value [expr {[string first "=" $value] + 1}] end]
                    break
                }
            }
        }
    }

    What would be my procedure to add the CN to a header?

    Something like -

    HTTP::header insert "es-security-runas-user=$CN"

    Thanks for the help and the quick response.


  • Hello,

    You can use the following

    HTTP::header insert ES-Security-RunAs-User $CN

    Regards

  • Hi,

    use this code:

    when CLIENTSSL_CLIENTCERT {
        set debug 0
        if {[SSL::cert 0] eq ""} {
            reject
        } else {
            set ssl_cert [SSL::cert 0]
            set subject [X509::subject [SSL::cert 0]]
            # alternating name/value list -> array, so the CN is in $subject_fields(CN)
            array set subject_fields [split $subject ",="]
        }
    }

    when HTTP_REQUEST {
        # variables set in CLIENTSSL_CLIENTCERT remain available to later events on the same connection
        if {[info exists subject_fields(CN)]} {
            HTTP::header insert "username" $subject_fields(CN)
        }
    }
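An added example, not code from any of the replies above: the split-based answers break as soon as a subject value itself contains a comma (for instance an organisation name such as `Example\, Inc.`), and `HTTP::header insert` adds a header without removing one the client may already have sent. This iRule walks the subject honouring backslash escapes and strips any client-supplied copy of the header before inserting the trusted value. It assumes BIG-IP iRule `proc` support, the comma-separated subject form the replies parse (with `\,` escaping inside a value), and the `ES-Security-RunAs-User` header name from the thread.

```tcl
# Added example (not from the thread): extract the CN from an X509 subject
# string, honouring backslash-escaped commas inside values, then pass it to
# the pool member in a header that is first stripped of any client-sent copy.
# Assumes BIG-IP iRule proc support and the comma-separated subject format.
proc get_cn {subject} {
    set parts {}
    set cur ""
    set esc 0
    # Walk the string one character at a time so "\," does not split an RDN,
    # which a plain [split $subject ","] would do.
    foreach ch [split $subject ""] {
        if {$esc} {
            append cur $ch
            set esc 0
        } elseif {$ch eq "\\"} {
            set esc 1
        } elseif {$ch eq ","} {
            lappend parts $cur
            set cur ""
        } else {
            append cur $ch
        }
    }
    lappend parts $cur
    foreach rdn $parts {
        set rdn [string trim $rdn]
        # Accept only an RDN whose attribute type is CN (case-insensitive)
        if {[string equal -nocase [string range $rdn 0 2] "CN="]} {
            return [string range $rdn 3 end]
        }
    }
    return ""
}

when CLIENTSSL_CLIENTCERT {
    if {[SSL::cert 0] eq ""} {
        reject
        return
    }
    set client_cn [get_cn [X509::subject [SSL::cert 0]]]
}

when HTTP_REQUEST {
    # insert does not replace: strip any client-supplied header first so a
    # client cannot pre-seed the identity the pool member trusts.
    HTTP::header remove "ES-Security-RunAs-User"
    if {[info exists client_cn] && $client_cn ne ""} {
        HTTP::header insert "ES-Security-RunAs-User" $client_cn
    }
}
```

With a constructed subject of `CN=host.example.com,OU=Ops,O=Example\, Inc.,C=US`, `get_cn` returns `host.example.com`, whereas `[split $subject ",="]` would also produce a stray ` Inc.` element and mis-pair the later names and values.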