For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nick_Matthews's avatar
Nick_Matthews
Icon for Cirrus rankCirrus
Feb 20, 2014

Check for Device UID/Serial number for access to website

Hi, I am hoping someone might be able to help with this question.   Currently I have a mobile device with a standard Android app (Not written by us) available for anyone to download that if used w...
application delivery
devops
iRules
Nick_Matthews's avatar
Nick_Matthews
Icon for Cirrus rankCirrus
Feb 20, 2014
Could I use iRules instead to check for a client cert rather than using the SSL Profile to do this? Something like: get certificate data when CLIENTSSL_CLIENTCERT { set cert [SSL::cert 0] set sn [X509::serial_number $cert] set subject [X509::subject $cert] set issuer [X509::issuer $cert] set version [X509::version $cert] set clientIP [IP::client_addr] check Certificate common name to see if it contains the FQDN for Virtual server if { $subject contains "CN=FQDN" } { uncomment the line below to validate that the iRule is accepting a valid certificate log local0. "cert CN valid" } else { if the certificate is not valid log client IP and reject connection log $clientIP log local0. "cert CN not valid" reject } }