Forum Discussion
Born_7758
Jun 22, 2011 Nimbostratus
Client Certificate Authentication
Hello Everyone, I was given a .arm file to install on the F5. What would be the best way to do client certificate authentication using the file I was given?
sojan_86359
Jun 25, 2012 Nimbostratus
Thank you Aron,
There is a slight change in the requirement, so we have to set up thumbprint matching, and I saw this iRule on DevCentral. But I am confused about how my data group should be configured to work with this iRule.
I am looking for the String and Value, and how that should be set up.
when CLIENTSSL_HANDSHAKE {
    # Subject DN and hash of the client certificate at index 0
    set subject_dn [X509::subject [SSL::cert 0]]
    set cert_hash [X509::hash [SSL::cert 0]]
    # Skip count 0 keeps the "CN=" prefix in the extracted value
    set cSSLSubject [findstr $subject_dn "CN=" 0 ","]

    log local0. "Subject = $subject_dn, Hash = $cert_hash and $cSSLSubject"

    # Check if the client certificate contains the correct CN and Thumbprint from the list
    set Expected_hash [class lookup $cSSLSubject mythumbprints]

    # String comparison (ne) so the two hashes are never compared as numbers
    if { $Expected_hash ne $cert_hash } {
        log local0. "Thumbprint presented doesn't match mythumbprints. Expected Hash = $Expected_hash, Hash received = $cert_hash"
        reject
    }
}
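A model of the lookup performed by the iRule above, added here as an example (it is not part of the original post and is not F5 code). It shows which String and Value a record in `mythumbprints` needs for the comparison to pass. The subject DNs and hash values are constructed, and `findstr` and `class_lookup` are Python approximations of the iRule commands of the same name.

```python
# Python model of the iRule's data group lookup (added example, not F5 code).

def findstr(s, search, skip=0, terminator=None):
    """Approximate iRules findstr: return the text starting `skip` characters
    past the start of the match, up to (not including) `terminator`.
    Returns "" when `search` is absent; runs to end of string when the
    terminator is absent."""
    start = s.find(search)
    if start < 0:
        return ""
    rest = s[start + skip:]
    if terminator is None:
        return rest
    end = rest.find(terminator)
    return rest if end < 0 else rest[:end]

# Constructed stand-in for the string data group "mythumbprints":
#   String (key) = exactly what findstr extracts from the subject DN
#   Value        = the hash the iRule logs as "Hash = ..." for that certificate
MYTHUMBPRINTS = {
    "CN=client1.example.com": "HASH-PLACEHOLDER-1",  # constructed value
}

def class_lookup(key, table):
    """Model of `class lookup`: an empty string when no record matches."""
    return table.get(key, "")

def handshake_allowed(subject_dn, cert_hash, table=MYTHUMBPRINTS):
    """Return (allowed, key) for a presented subject DN and certificate hash."""
    key = findstr(subject_dn, "CN=", 0, ",")  # skip 0 keeps the "CN=" prefix
    expected = class_lookup(key, table)
    # A missing record gives "", which never equals a real hash, so the
    # connection is rejected (fail closed).
    return expected == cert_hash, key

if __name__ == "__main__":
    # Constructed subject DNs; the CN may appear first or last.
    for dn in ("CN=client1.example.com,OU=IT,O=Example",
               "O=Example,OU=IT,CN=client1.example.com",
               "O=Example,OU=IT"):
        print(dn, "->", handshake_allowed(dn, "HASH-PLACEHOLDER-1"))
```

Because the skip count is 0, the String in each record carries the `CN=` prefix; the Value can be copied from the `Hash =` field the iRule writes to the log for a known-good certificate.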