Forum Discussion

2019F5DevCentra's avatar
2019F5DevCentra
Icon for Cirrus rankCirrus
Dec 05, 2019
Solved

Client Cert validation

Trying to understand the Logistics here in KB Article - https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html   #Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/O...
devops
iRules
  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Dec 06, 2019

     

    when CLIENTSSL_CLIENTCERT {
    set s_dn [X509::subject [SSL::cert 0]]
    set s_serial [X509::serial_number [SSL::cert 0]]
    log local0. "Client Certificate Received: $s_dn"
    if { $s_dn != "" }{
        if { ([matchclass $s_serial contains DatagroupS]) } {
            #Accept the client cert
            log local0. "Client Certificate Accepted: $s_serial"
        } else {
            reject
            log local0. "Failed Cert Auth - No Certificate"
        }
    } else {
        reject
    }
}

     

    Try this, it should work 🙂

Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus
Dec 11, 2019

Great. If you can then mark it as Answered would be great :)