Forum Discussion

Cirrostratus

Dec 21, 2016

Client Certificate sr number validation - irule

Hi I have a virtual server which has a client ssl profile to validate the client certificate (require), as an additional security, we want to allow a client with a specific serial number only to co...

Nimbostratus

Dec 21, 2016

Your test is for "00:f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6", but the log indicates that the system pulled "f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6". Note that the BIG-IP will strip leading zeroes when using X509::serial_number - actually a function of underlying OpenSSL returning the value (see ).

Need to change your iRule to remove the leading zeroes.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client Certificate sr number validation - irule

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

BIG-IQ Client Certificate (PKI) Authentication

SSL Client Certification Alert 46 Unknown CA

POC: Validate JWT with iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS