Forum Discussion

Nimbostratus

Aug 31, 2017

capturing the CN from a X509 subject

I found irules for capturing the X509::subject, but I need to capture the CN and insert it into a http::header. It looks like I can do that with the subject. any idea on how (if possible) I can iso...

application delivery

iRules

Stanislas_Piro2

Cumulonimbus

Sep 05, 2017

Hi,

use this code:

when CLIENTSSL_CLIENTCERT {
  set debug 0
    if {[SSL::cert 0] eq ""}{
        reject 
    } else { 
        set ssl_cert [SSL::cert 0]  
        set subject [X509::subject [SSL::cert 0]]}
        array set subject_fields [split $subject ",="]
    }
}

when HTTP_REQUEST {
    if {[info exists subject_fields(CN)]} {
        HTTP::header insert "username" $subject_fields(CN)
    }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

capturing the CN from a X509 subject

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

DevCentral Connects hosts Capture the Flag!

X509 Subject Formatting

Automating Packet Captures on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS