Forum Discussion
2019F5DevCentra
Dec 05, 2019 | Cirrus
Client Cert validation
Trying to understand the Logistics here in KB Article - https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html #Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/O...
- Dec 06, 2019
when CLIENTSSL_CLIENTCERT {
    # Subject DN and serial number of the certificate the client presented
    set s_dn [X509::subject [SSL::cert 0]]
    set s_serial [X509::serial_number [SSL::cert 0]]
    log local0. "Client Certificate Received: $s_dn"
    if { $s_dn != "" } {
        if { ([matchclass $s_serial contains DatagroupS]) } {
            #Accept the client cert
            log local0. "Client Certificate Accepted: $s_serial"
        } else {
            # Serial number is not in the data group
            reject
            log local0. "Failed Cert Auth - No Certificate"
        }
    } else {
        # Empty subject DN
        reject
    }
}
Try this, it should work 🙂
Yoann_Le_Corvi1
Cumulonimbus
Hi
Maybe issues with { } ?
Can you post the full iRule ?
Thanks
2019F5DevCentra
Dec 05, 2019 | Cirrus
when CLIENTSSL_CLIENTCERT {
    set s_dn [X509::subject [SSL::cert 0]]
    set s_serial [X509::serial_number [SSL::cert 0]]
    log local0. "Client Certificate Received: $s_dn"
    if { $s_dn != "" } {
        if { ([matchclass $s_serial contains DatagroupS]) } {
            #Accept the client cert
            log local0. "Client Certificate Accepted: $s_serial"
        }
    }
    reject
    log local0. "Failed Cert Auth - No Certificate"
}