Forum Discussion
Shawn_Salyers_8 (Nimbostratus)
Dec 28, 2010
So this is what I have come up with so far:
when CLIENTSSL_CLIENTCERT {
    # The event also fires when the client answers the cert request with an empty
    # certificate message, so guard before touching SSL::cert 0
    if { [SSL::cert count] < 1 } {
        log "No Client Certificate Presented"
        reject
        return
    }
    set serial_dn [X509::serial_number [SSL::cert 0]]
    log "Client Certificate Received: $serial_dn"
    # Require an exact match against the ClientCert data group; "contains" would
    # treat a short entry as a substring match against any longer serial
    if { [matchclass $serial_dn equals $::ClientCert] } {
        # Accept the client cert
        log "Client Certificate Accepted: $serial_dn"
    } else {
        log "No Matching Client Certificate Was Found Using: $serial_dn"
        reject
    }
}
It basically checks the serial number of the client cert and sees if it matches an entry in the Data Group.
Can I add anything to this to make it better? How can I add the serial number to the header so that it can get logged on the webserver side?
Thanks for the guidance and suggestions!
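One way to pass the serial to the web server, as an added example that is not part of the original post or any reply: the `serial_dn` variable set in CLIENTSSL_CLIENTCERT is still visible in HTTP_REQUEST on the same connection, so it can be inserted as a request header there. The header name `X-Client-Cert-Serial` is an assumption; any client-supplied copy of that header is stripped first so the backend cannot be fed a spoofed value.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Record the serial only after the cert has been received and accepted;
    # a reject here ends the connection before HTTP_REQUEST runs
    if { [SSL::cert count] > 0 } {
        set serial_dn [X509::serial_number [SSL::cert 0]]
    }
}

when HTTP_REQUEST {
    # Assumed header name: X-Client-Cert-Serial
    # Remove any copy the client sent itself, so the backend log can trust the value
    HTTP::header remove "X-Client-Cert-Serial"
    if { [info exists serial_dn] } {
        HTTP::header insert "X-Client-Cert-Serial" $serial_dn
    }
}
```

The backend can then log the header with its usual request-logging configuration; because the TLS session is per connection, the same serial applies to every keep-alive request on it.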