Forum Discussion
Shawn_Salyers_8
Dec 16, 2010 | Nimbostratus
Client Certificate Help Needed!!!!
I have been searching the forums and have not been able to find an iRule example that I am able to get working. Simply put, I need to require a client certificate and allow access based on the thumbp...
Shawn_Salyers_8
Dec 28, 2010 | Nimbostratus
So this is what I have come up with so far:
    when CLIENTSSL_CLIENTCERT {
        # Serial number of the certificate the client presented
        set serial_dn [X509::serial_number [SSL::cert 0]]
        log "Client Certificate Received: $serial_dn"
        # "contains" is true when the serial contains any data group entry as a substring
        if { ([matchclass $serial_dn contains $::ClientCert])} {
            # Accept the client cert
            log "Client Certificate Accepted: $serial_dn"
        } else {
            log "No Matching Client Certificate Was Found Using: $serial_dn"
            reject
        }
    }

It basically checks the serial number of the client cert and sees if it matches an entry in the Data Group.
Can I add anything to this to make it better? How can I add the serial number to the header so that it can get logged on the webserver side?
Thanks for the guidance and suggestions!
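
One way to pass the serial number to the web server, as an added example that is not the poster's code: the serial is kept in a connection variable and inserted as a request header after any client-supplied copy is removed. The header name `X-Client-Cert-Serial` is a hypothetical choice, the data group `ClientCert` comes from the post, and the match uses `equals` instead of `contains` so that only a whole-serial match is accepted.

```tcl
# Added example. Assumed names: data group "ClientCert" (from the post),
# header "X-Client-Cert-Serial" (hypothetical).
when CLIENTSSL_CLIENTCERT {
    # Drop any value left over from an earlier handshake on this connection.
    unset -nocomplain client_serial

    # No certificate presented (possible when the profile only requests one).
    if { [SSL::cert count] == 0 } {
        log local0. "No client certificate presented"
        reject
        return
    }

    set serial [X509::serial_number [SSL::cert 0]]
    # "equals" requires the whole serial to match a data group entry.
    if { [matchclass $serial equals $::ClientCert] } {
        set client_serial $serial
        log local0. "Client certificate accepted: $serial"
    } else {
        log local0. "Client certificate not in data group: $serial"
        reject
    }
}

when HTTP_REQUEST {
    # Remove any copy of the header sent by the client, so the web server
    # only ever sees a value set by this iRule.
    HTTP::header remove "X-Client-Cert-Serial"
    if { [info exists client_serial] } {
        HTTP::header insert "X-Client-Cert-Serial" $client_serial
    }
}
```

This assumes CLIENTSSL_CLIENTCERT fires for the connection; on a resumed SSL session it may not, in which case the header is stripped and not re-added.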