Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

2019F5DevCentra's avatar
2019F5DevCentra
Icon for Cirrus rankCirrus
Oct 25, 2019

Certificate Logging via iRule

Certificate Logging via iRule -   I think I'm missing something pretty simple. My goal is to log the CN, Subject, Serial# of all Client's hitting my VIP. Is there a way to accomplish this witho...
big-ip
devops
irules
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Oct 26, 2019

Sorry, your question feels a bit ambiguous.

 

Do you wish to log the SERVER side certificate information? or the CLIENT side certificate information?

 

If you wish to log the CLIENT side, then you'll have to REQUIRE a client cert. Because otherwise you have no guarantee that there will be one to log.

 

 

  • 2019F5DevCentra's avatar
    2019F5DevCentra
    Icon for Cirrus rankCirrus
    Oct 28, 2019

    Yes, I was trying to request the certificate details via CLIENT side. I wasn't sure if the only way to snatch this data up was to "REQUIRE" or "REQUEST" it via the SSL Profile option. I had thought there would be a way to grab this data in another method without having to allow it.

     

    Is there a way to grab the Server Side Certificate via iRule without the SSL Profile option selected?

     

    Thanks,