For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

2019F5DevCentra's avatar
2019F5DevCentra
Icon for Cirrus rankCirrus
Dec 05, 2019
Solved

Client Cert validation

Trying to understand the Logistics here in KB Article - https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html   #Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/O...
devops
iRules
  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Dec 06, 2019

     

    when CLIENTSSL_CLIENTCERT {
    set s_dn [X509::subject [SSL::cert 0]]
    set s_serial [X509::serial_number [SSL::cert 0]]
    log local0. "Client Certificate Received: $s_dn"
    if { $s_dn != "" }{
        if { ([matchclass $s_serial contains DatagroupS]) } {
            #Accept the client cert
            log local0. "Client Certificate Accepted: $s_serial"
        } else {
            reject
            log local0. "Failed Cert Auth - No Certificate"
        }
    } else {
        reject
    }
}

     

    Try this, it should work 🙂

Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Dec 11, 2019

Great. If you can then mark it as Answered would be great :)