Forum Discussion

Maxim_Taskov_90's avatar
Maxim_Taskov_90
Icon for Nimbostratus rankNimbostratus
Nov 15, 2011

Client Certificate Validation by Subject

I am trying to use the common name CN from the x509::subject variable to validate a client certificate. I used the rule from teh following post as a sample:

 

 

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/39/aft/1167776/showtab/groupforums/Default.aspx

 

 

, and the following DevCentral Wiki for some additional ideas:

 

 

http://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx

 

 

My original iRule was:

 

 

when CLIENTSSL_CLIENTCERT {

 

set subject_dn [X509::subject [SSL::cert 0]]

 

log local0. "Client Certificate Received: $subject_dn"

 

if { [matchclass $subject_dn contains $::ebilling_accepted_certs]} {

 

log local0. "Client Certificate Accepted: $subject_dn"

 

} else {

 

log local0. "Invalid Client Certificate Was Found Using: $subject_dn"

 

reject

 

}

 

}

 

 

The above iRule does a very good job except that it had two defects, or at least that is what I observed in my deployment:

 

 

1. The iRule was crashing with TCL error when client certificate was not presented and instead of rejecting the connection, it allowed it.

 

 

2. The iRule was crashing with TCL error when the subject of client certificate was blank (yes, this happens) and instead of rejecting the connection, it allowed it.

 

 

Otherwise it was working very well by allowing the connectiong when the presented certificate was in the list of allowed and rejecting the connection when proper client certifiacte was presented (including a subject field, which is not blank) but it is not in the list of teh allowed certificates.

 

 

Then I tried to modify the rule to handle the failing conditions of 1 and 2 above. Here is what I got:

 

 

when CLIENTSSL_CLIENTCERT {

 

set subject_dn [X509::subject [SSL::cert 0]]

 

Log the subject properties of the presented certificate

 

log local0. "Client Certificate Received: $subject_dn"

 

Check to see if the presented certificate is allowed and if yes, accept

 

if {[matchclass $subject_dn contains $::ebilling_accepted_certs]} {

 

log local0. "Client Certificate Accepted: $subject_dn"

 

Check to see if certificate is presented and if not, reject

 

} elseif {[SSL::cert 0] eq ""} {

 

log local0. "Client Certificate was not provided"

 

reject

 

Check to see if the presented certificate has subject and if not, accept

 

} elseif {[string length $subject_dn] == 0 } {

 

log local0. "Client Certificate with blank subject was detected"

 

reject

 

} elseif {

 

Any other condition and valid bu unauthorized certificate, reject

 

log local0. "Unauthorized Client Certificate was detected: $subject_dn"

 

reject

 

}

 

}

 

 

The iRule above compiles and runs but still crashes and cannot handle the "blank subject" or "no certificate" conditions and continues to allow the connections when it should be rejecting them.

 

 

Any assistance will be greatly appreciated and is desperately needed. Thanks.

18 Replies

  • Nice work Nitass.

     

     

    Maxim, I think it's still important to escalate this to Support as X509::subject should return a null string if the subject in the cert is null or can't be parsed. And even if it does generate a runtime TCL error, that should trigger a reset of the TCP connection. So it's important for us to get the issue fixed.

     

     

    Aaron
  • Thanks for the test Nitass.

     

     

    I opened a case with F5 (F5 Case No. C998774). As usual they warned me that support is very limited but that they will log the case and see what the engineers will say. I will keep you posted.
  • Hoolio, nitass, this is what F5 Engineering Services delivered as a workaround but I can't make it compile yet, I am still tryng to figure out the logic:

     

     

    when CLIENTSSL_CLIENTCERT {

     

    if {[SSL::cert count] > 0}{

     

    set allfield "[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]"

     

    log local0. "$allfield"

     

    if { $allfield contains "SSLClientCertSubject" } {

     

    log local0. "matched SSLClientCertSubject"

     

    set subject_dn [X509::subject [SSL::cert 0]]

     

    } else {

     

    log local0. "not matched SSLClientCertSubject"

     

    set subject_dn ""

     

    }

     

    log local0. "Client Certificate Received: $subject_dn"

     

    if {$subject_dn eq ""} {

     

    log local0. "Client Certificate with blank subject was detected"

     

    reject

     

    } elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {

     

    log local0. "Client Certificate Accepted: $subject_dn"

     

    } else {

     

    log local0. "Unauthorized Client Certificate was detected: $subject_dn"

     

    reject

     

    }

     

    }

     

    }

     

     

    Can you see a sytax error anywhere or is it the logic that is flawed?
  • You should continue with your support case, but if you urgently need a workaround, your best bet is likely to use the catch command to detect if the X509:: command errors out, and handle the error via the iRule.
  • hi Maxim,

    sorry i missed your message. i tested Engineering Service's irule and it seemed to be okay too.

    [root@ve1023:Active] iRuleTest  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:443
       ip protocol 6
       rules myrule
       profiles {
          http {}
          myclientssl {
             clientside
          }
          tcp {}
       }
    }
    [root@ve1023:Active] iRuleTest  b profile myclientssl list
    profile clientssl myclientssl {
       defaults from clientssl
       ca file "clientblank_ca.crt"
       peer cert mode require
    }
    [root@ve1023:Active] iRuleTest  b rule myrule list
    rule myrule {
       when CLIENTSSL_CLIENTCERT {
            if {[SSL::cert count] > 0}{
                    set allfield "[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]"
                    log local0. "$allfield"
                    if { $allfield contains "SSLClientCertSubject" } {
                            log local0. "matched SSLClientCertSubject"
                            set subject_dn [X509::subject [SSL::cert 0]]
                    } else {
                            log local0. "not matched SSLClientCertSubject"
                            set subject_dn ""
                    }
                    log local0. "Client Certificate Received: $subject_dn"
                    if {$subject_dn eq ""} {
                            log local0. "Client Certificate with blank subject was detected"
                            reject
                    } elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {
                            log local0. "Client Certificate Accepted: $subject_dn"
                    } else {
                            log local0. "Unauthorized Client Certificate was detected: $subject_dn"
                            reject
                    }
            }
    }
    }
    
    [root@ve1023:Active] iRuleTest  curl -ik https://172.28.19.79 --cert ./clientblank.crt --key ./clientblank.key
    curl: (55) SSL_write() returned SYSCALL, errno = 104
    
    [root@ve1023:Active] iRuleTest  
    Nov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : SSLClientCertStatus OK SSLClientCertIssuer {CN=Cartus Enrolment CA,DC=production,DC=cendantmobility,DC=net} SSLClientCertSignatureAlgorithm sha1WithRSAEncryption SSLClientCertNotValidBefore {Oct 23 20:55:00 2011 GMT} SSLClientCertNotValidAfter {Oct 22 20:55:00 2012 GMT} SSLClientCertHash e6:44:7e:d2:5e:6b:be:a0:e8:45:53:d2:17:0a:2d:ac
    Nov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : not matched SSLClientCertSubject
    Nov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : Client Certificate Received:
    Nov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : Client Certificate with blank subject was detected
    
    
  • Thank you nitass. Sorry for the delayed response but I was away for almost two weeks. Your latest update to the iRule works as desired. This solves my problem. I still don't know why Rule 1 below will not compile and Rule 2, the latest one in the above thread, compiles fine. I looked at them character by character and I still cannot see the difference, it has to be some space or special character somewhere that confuses the compiler as when it fails to compile, it fails with a long thread of error, which are usually indicative of a missing brace or bracket where the logic of the rule is completely incomprehensible to the compiler. Regardless the second rule works fine and that makes me happy.

     

     

    I also closed the F5 support case. Their last statement was that the DevCentral workaround should be the fix and that if I want to avoid the TCL bug and make my original rule work, I need to go to BIG-IP OS 10.2.1. I cannot do that at the present but I plan to do so in not so distant future.

     

     

    Thank you again for your timely and professional support. Regards, Maxim

     

     

    RULE 1

     

    ---------------------------------------

     

    when CLIENTSSL_CLIENTCERT {

     

    if {[SSL::cert count] > 0}{

     

    set allfield "[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]"

     

    log local0. "$allfield"

     

    if { $allfield contains "SSLClientCertSubject" } {

     

    log local0. "matched SSLClientCertSubject"

     

    set subject_dn [X509::subject [SSL::cert 0]]

     

    }else{

     

    log local0. "not matched SSLClientCertSubject"

     

    set subject_dn ""

     

    }

     

    log local0. "Client Certificate Received: $subject_dn"

     

    if {$subject_dn eq ""} {

     

    log local0. "Client Certificate with blank subject was detected"

     

    reject

     

    }elseif{[matchclass $subject_dn contains ebilling_accepted_certs]} {

     

    log local0. "Client Certificate Accepted: $subject_dn"

     

    }else{

     

    log local0. "Unauthorized Client Certificate was detected: $subject_dn"

     

    reject

     

    }

     

    }

     

    }

     

     

     

    RULE 2

     

    ---------------------------------------

     

    when CLIENTSSL_CLIENTCERT {

     

    if {[SSL::cert count] > 0}{

     

    set allfield "[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]"

     

    log local0. "$allfield"

     

    if { $allfield contains "SSLClientCertSubject" } {

     

    log local0. "matched SSLClientCertSubject"

     

    set subject_dn [X509::subject [SSL::cert 0]]

     

    } else {

     

    log local0. "not matched SSLClientCertSubject"

     

    set subject_dn ""}

     

    log local0. "Client Certificate Received: $subject_dn"

     

    if {$subject_dn eq ""} {

     

    log local0. "Client Certificate with blank subject was detected"

     

    reject

     

    } elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {

     

    log local0. "Client Certificate Accepted: $subject_dn"

     

    } else {

     

    log local0. "Unauthorized Client Certificate was detected: $subject_dn"

     

    reject

     

    }

     

    }

     

    }

     

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Community_Quicklinks\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"board:TechnicalForum\",\"message:187254\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/client-certificate-validation-by-subject/187254\"}}})":{"__typename":"ComponentRenderResult","html":"
Under Attack? F5 Will Help You.
Contacting F5 Support?
 
DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Community_Quicklinks\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"board:TechnicalForum\",\"message:187254\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/client-certificate-validation-by-subject/187254\"}}})":{"__typename":"ComponentRenderResult","html":"
 
 
 
 
 

\"F5 ©2024 F5, Inc. All rights reserved.
Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"board:TechnicalForum\",\"message:187254\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/client-certificate-validation-by-subject/187254\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"board:TechnicalForum\",\"message:187254\"],\"name\":\"ForumMessagePage\",\"props\":{},\"url\":\"https://community.f5.com/discussions/technicalforum/client-certificate-validation-by-subject/187254\"}}})":{"__typename":"ComponentRenderResult","html":"
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/EscalatedMessageBanner\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/EscalatedMessageBanner-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSolvedBadge\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/AcceptedSolutionButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/AcceptedSolutionButton-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1740415735000"}],"message({\"id\":\"message:187265\"})":{"__ref":"ForumReplyMessage:message:187265"},"message({\"id\":\"message:187266\"})":{"__ref":"ForumReplyMessage:message:187266"},"message({\"id\":\"message:187267\"})":{"__ref":"ForumReplyMessage:message:187267"},"message({\"id\":\"message:187268\"})":{"__ref":"ForumReplyMessage:message:187268"},"message({\"id\":\"message:187269\"})":{"__ref":"ForumReplyMessage:message:187269"},"message({\"id\":\"message:187270\"})":{"__ref":"ForumReplyMessage:message:187270"},"message({\"id\":\"message:187271\"})":{"__ref":"ForumReplyMessage:message:187271"},"message({\"id\":\"message:187272\"})":{"__ref":"ForumReplyMessage:message:187272"},"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1740415735000"}],"cachedText({\"lastModified\":\"1740415735000\",\"locale\":\"en-US\",\"namespaces\":[\"components/tags/TagView/TagViewChip\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1740415735000"}]},"CachedAsset:pages-1741994368806":{"__typename":"CachedAsset","id":"pages-1741994368806","value":[{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.MvpProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/mvp-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.AdvocacyProgram","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/advocacy-program","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetHelp.NonCustomer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/non-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Customer","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-customer","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetInvolved","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.Learn","type":"COMMUNITY","urlPath":"/c/how-do-i/learn","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501733000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetHelp.Community","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/community","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetInvolved.ContributeCode","type":"COMMUNITY","urlPath":"/c/how-do-i/get-involved/contribute-code","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.Learn.AboutIrules","type":"COMMUNITY","urlPath":"/c/how-do-i/learn/about-irules","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetHelp.F5Support","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/f5-support","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetHelp","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI.GetHelp.SecurityIncident","type":"COMMUNITY","urlPath":"/c/how-do-i/get-help/security-incident","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1741994368806,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zMS0yaUY5MjM3RDI3NzVEQzI1M0U\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zMS0yaUY5MjM3RDI3NzVEQzI1M0U","mimeType":"image/png"},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","entityType":"CATEGORY","displayId":"Forums","nodeType":"category","depth":1,"title":"Forums","shortTitle":"Forums","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top","entityType":"CATEGORY","shortTitle":"Top"},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","entityType":"FORUM","displayId":"TechnicalForum","nodeType":"board","depth":2,"conversationStyle":"FORUM","title":"Technical Forum","description":"Ask questions.\r\nDiscover Answers.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zMS0yaUY5MjM3RDI3NzVEQzI1M0U\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Forums"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Forums"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Technical Forum","repliesProperties":{"__typename":"RepliesProperties","sortOrder":"PUBLISH_TIME","repliesFormat":"threaded"},"forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/","tagProperties":{"__typename":"TagNodeProperties","tagsEnabled":{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"FREEFORM_AND_PRESET"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstNDEtSzFzVEth\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstNDEtSzFzVEth","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:41":{"__typename":"Rank","id":"rank:41","position":18,"name":"Nimbostratus","color":"CCCCCC","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstNDEtSzFzVEth\"}"},"rankStyle":"FILLED"},"User:user:154146":{"__typename":"User","id":"user:154146","uid":154146,"login":"Maxim_Taskov_90","deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-12.svg?time=0"},"rank":{"__ref":"Rank:rank:41"},"email":"","messagesCount":33,"biography":null,"topicsCount":7,"kudosReceivedCount":0,"kudosGivenCount":0,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2006-02-12T00:00:00.000-08:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":0,"entityType":"USER","eventPath":"community:zihoc95639/user:154146"},"ForumTopicMessage:message:187254":{"__typename":"ForumTopicMessage","uid":187254,"subject":"Client Certificate Validation by Subject","id":"message:187254","revisionNum":1,"repliesCount":18,"author":{"__ref":"User:user:154146"},"depth":0,"hasGivenKudo":false,"board":{"__ref":"Forum:board:TechnicalForum"},"conversation":{"__ref":"Conversation:conversation:187254"},"readOnly":false,"editFrozen":false,"moderationData":{"__ref":"ModerationData:moderation_data:187254"},"body":"I am trying to use the common name CN from the x509::subject variable to validate a client certificate. I used the rule from teh following post as a sample:

 

\n

 

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/39/aft/1167776/showtab/groupforums/Default.aspx

 

\n

 

, and the following DevCentral Wiki for some additional ideas:

 

\n

 

http://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx

 

\n

 

My original iRule was:

 

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if { [matchclass $subject_dn contains $::ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

} else {

\n

 

log local0. \"Invalid Client Certificate Was Found Using: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

 

\n

 

The above iRule does a very good job except that it had two defects, or at least that is what I observed in my deployment:

 

\n

 

1. The iRule was crashing with TCL error when client certificate was not presented and instead of rejecting the connection, it allowed it.

 

\n

 

2. The iRule was crashing with TCL error when the subject of client certificate was blank (yes, this happens) and instead of rejecting the connection, it allowed it.

 

\n

 

Otherwise it was working very well by allowing the connectiong when the presented certificate was in the list of allowed and rejecting the connection when proper client certifiacte was presented (including a subject field, which is not blank) but it is not in the list of teh allowed certificates.

 

\n

 

Then I tried to modify the rule to handle the failing conditions of 1 and 2 above. Here is what I got:

 

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

Log the subject properties of the presented certificate

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

Check to see if the presented certificate is allowed and if yes, accept

\n

 

if {[matchclass $subject_dn contains $::ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

Check to see if certificate is presented and if not, reject

\n

 

} elseif {[SSL::cert 0] eq \"\"} {

\n

 

log local0. \"Client Certificate was not provided\"

\n

 

reject

\n

 

Check to see if the presented certificate has subject and if not, accept

\n

 

} elseif {[string length $subject_dn] == 0 } {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

} elseif {

\n

 

Any other condition and valid bu unauthorized certificate, reject

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

 

\n

 

The iRule above compiles and runs but still crashes and cannot handle the \"blank subject\" or \"no certificate\" conditions and continues to allow the connections when it should be rejecting them.

 

\n

 

Any assistance will be greatly appreciated and is desperately needed. Thanks.","body@stringLength":"4091","rawBody":"I am trying to use the common name CN from the x509::subject variable to validate a client certificate. I used the rule from teh following post as a sample:

 

\n

 

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/39/aft/1167776/showtab/groupforums/Default.aspx

 

\n

 

, and the following DevCentral Wiki for some additional ideas:

 

\n

 

http://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx

 

\n

 

My original iRule was:

 

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if { [matchclass $subject_dn contains $::ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

} else {

\n

 

log local0. \"Invalid Client Certificate Was Found Using: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

 

\n

 

The above iRule does a very good job except that it had two defects, or at least that is what I observed in my deployment:

 

\n

 

1. The iRule was crashing with TCL error when client certificate was not presented and instead of rejecting the connection, it allowed it.

 

\n

 

2. The iRule was crashing with TCL error when the subject of client certificate was blank (yes, this happens) and instead of rejecting the connection, it allowed it.

 

\n

 

Otherwise it was working very well by allowing the connectiong when the presented certificate was in the list of allowed and rejecting the connection when proper client certifiacte was presented (including a subject field, which is not blank) but it is not in the list of teh allowed certificates.

 

\n

 

Then I tried to modify the rule to handle the failing conditions of 1 and 2 above. Here is what I got:

 

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

Log the subject properties of the presented certificate

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

Check to see if the presented certificate is allowed and if yes, accept

\n

 

if {[matchclass $subject_dn contains $::ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

Check to see if certificate is presented and if not, reject

\n

 

} elseif {[SSL::cert 0] eq \"\"} {

\n

 

log local0. \"Client Certificate was not provided\"

\n

 

reject

\n

 

Check to see if the presented certificate has subject and if not, accept

\n

 

} elseif {[string length $subject_dn] == 0 } {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

} elseif {

\n

 

Any other condition and valid bu unauthorized certificate, reject

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

 

\n

 

The iRule above compiles and runs but still crashes and cannot handle the \"blank subject\" or \"no certificate\" conditions and continues to allow the connections when it should be rejecting them.

 

\n

 

Any assistance will be greatly appreciated and is desperately needed. Thanks.","kudosSumWeight":0,"postTime":"2011-11-15T09:16:40.000-08:00","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":{"__typename":"AttachmentConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"tags":{"__typename":"TagConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[{"__typename":"TagEdge","cursor":"MjUuMnwyLjF8b3wxMHxfTlZffDE","node":{"__typename":"Tag","id":"tag:application delivery","text":"application delivery","time":"2021-06-30T01:48:44.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMnwyLjF8b3wxMHxfTlZffDI","node":{"__typename":"Tag","id":"tag:dev","text":"dev","time":"2022-01-24T02:29:45.108-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMnwyLjF8b3wxMHxfTlZffDM","node":{"__typename":"Tag","id":"tag:devops","text":"devops","time":"2011-10-19T17:50:55.000-07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}},{"__typename":"TagEdge","cursor":"MjUuMnwyLjF8b3wxMHxfTlZffDQ","node":{"__typename":"Tag","id":"tag:iRules","text":"iRules","time":"2022-01-24T02:29:45.106-08:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":2,"currentRevision":{"__ref":"Revision:revision:187254_1"},"latestVersion":null,"metrics":{"__typename":"MessageMetrics","views":800},"visibilityScope":"PUBLIC","canonicalUrl":null,"seoTitle":null,"seoDescription":null,"isEscalated":null,"placeholder":false,"originalMessageForPlaceholder":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}},"archivalData":null,"searchSnippet":"I am trying to use the common name CN from the x509::subject variable to validate a client certificate. I used the rule from teh following post as a sample:   \n   http://devcentral.f5.c...","replies":{"__typename":"MessageConnection","edges":[{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3MjY1","node":{"__ref":"ForumReplyMessage:message:187265"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3MjY2","node":{"__ref":"ForumReplyMessage:message:187266"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3MjY3","node":{"__ref":"ForumReplyMessage:message:187267"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3MjY4","node":{"__ref":"ForumReplyMessage:message:187268"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3MjY5","node":{"__ref":"ForumReplyMessage:message:187269"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3Mjcw","node":{"__ref":"ForumReplyMessage:message:187270"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3Mjcx","node":{"__ref":"ForumReplyMessage:message:187271"}},{"__typename":"MessageEdge","cursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3Mjcy","node":{"__ref":"ForumReplyMessage:message:187272"}}],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":true,"startCursor":"MjUuMnwyLjF8aXwxMHwzOToxfGludCwxODcyNTUsMTg3MjY1"}},"customFields":[]},"Conversation:conversation:187254":{"__typename":"Conversation","id":"conversation:187254","solved":false,"topic":{"__ref":"ForumTopicMessage:message:187254"},"lastPostingActivityTime":"2011-12-04T00:05:50.000-08:00","lastPostTime":"2011-12-04T00:05:50.000-08:00","unreadReplyCount":18,"isSubscribed":false},"ModerationData:moderation_data:187254":{"__typename":"ModerationData","id":"moderation_data:187254","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"Revision:revision:187254_1":{"__typename":"Revision","id":"revision:187254_1","lastEditTime":"2011-11-15T09:16:40.000-08:00"},"CachedAsset:theme:customTheme1-1741994368394":{"__typename":"CachedAsset","id":"theme:customTheme1-1741994368394","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1740415735000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/forums/ForumMessagePage:board:TechnicalForum-1741994366820":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/forums/ForumMessagePage:board:TechnicalForum-1741994366820","value":{"id":"ForumMessagePage","container":{"id":"Common","headerProps":{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":["community.widget.bannerWidget"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":{"community.widget.breadcrumbWidget":{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"message-list","layout":"MAIN_SIDE","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"MainSideQuiltSection","columnMap":{"main":[{"id":"messages.widget.topicWithThreadedReplyListWidget","className":"lia-topic-with-replies","props":{"editLevel":"CONFIGURE"},"__typename":"QuiltComponent"}],"side":[{"id":"featuredWidgets.widget.featuredContentWidget","className":null,"props":{"instanceId":"featuredWidgets.widget.featuredContentWidget-1705956211049","layoutProps":{"layout":"card","layoutOptions":{"useRepliesCount":false,"useAuthorRank":false,"useTimeToRead":true,"useKudosCount":false,"useViewCount":false,"usePreviewMedia":true,"useBody":false,"useCenteredCardContent":false,"useTags":true,"useTimestamp":false,"useBoardLink":true,"useAuthorLink":false,"useSolvedBadge":true}},"titleSrOnly":false,"showPager":true,"pageSize":3,"lazyLoad":false},"__typename":"QuiltComponent"},{"id":"messages.widget.messageListForNodeByRecentActivityWidget","className":null,"props":{"hideIfEmpty":true,"pageSize":5,"pagerVariant":{"type":"loadMore"},"viewVariant":{"type":"inline","props":{"useRepliesCount":false,"useMedia":false,"useAuthorRank":false,"useNode":false,"boardIconSize":"24","truncateBodyLength":-1,"useNodeLink":true,"usePreviewMedia":false,"timeStampType":"conversation.lastPostingActivityTime","avatarSize":"40","useTextBody":true,"useSolvedBadge":true,"subjectAs":"h6","renderPostTimeBeforeAuthor":true,"useAvatar":false,"useTimeToRead":false,"useSpoilerFreeBody":true,"useKudosCount":false,"useViewCount":false,"useBody":false,"useTags":false,"clampSubjectLines":1,"useBoardIcon":true,"useMessageTimeLink":true,"clampBodyLines":3,"useAuthorLogin":true,"useUnreadCount":false,"useNodeHoverCard":true,"useSearchSnippet":false}},"lazyLoad":false,"listVariant":{"type":"unstyled","props":{"listItemSpacing":"xxl"}},"useTitle":true,"addTags":false,"titleContextVariant":"other","showTabs":false,"style":"compact","panelType":"standard","sorts":{"conversationLastPostingActivityTime":{"direction":"DESC"}}},"__typename":"QuiltComponent"},{"id":"messages.widget.relatedContentWidget","className":null,"props":{"hideIfEmpty":true,"enablePagination":false,"useTitle":true,"listVariant":{"type":"unstyled","props":{"listItemSpacing":"xxl"}},"pageSize":5,"style":"compact","pagerVariant":{"type":"none"},"viewVariant":{"type":"inline","props":{"useRepliesCount":false,"useMedia":false,"useAuthorRank":false,"useNode":false,"boardIconSize":"24","useAuthorLoginLink":true,"useNodeLink":true,"usePreviewMedia":true,"timeStampType":"postTime","useTextBody":true,"useSolvedBadge":false,"subjectAs":"h6","renderPostTimeBeforeAuthor":true,"useAvatar":false,"useVideoPreview":false,"portraitClampBodyLines":3,"useCompactSpacing":true,"useTimeToRead":false,"useSpoilerFreeBody":true,"useKudosCount":false,"useViewCount":false,"useBody":false,"useTags":false,"clampSubjectLines":1,"useBoardIcon":true,"useMessageTimeLink":true,"useAuthorLogin":true}},"lazyLoad":false,"panelType":"standard"},"__typename":"QuiltComponent"},{"id":"custom.widget.Community_Quicklinks","className":null,"props":{"customComponentId":"custom.widget.Community_Quicklinks"},"__typename":"QuiltComponent"}],"__typename":"MainSideSectionColumns"}}],"__typename":"QuiltContainer"},"__typename":"Quilt","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1740415735000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/forums/ForumMessagePage-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-pages/forums/ForumMessagePage-1740415735000","value":{"title":"{contextMessageSubject} | {communityTitle}","errorMissing":"This message cannot be found","name":"Forum Message Page","section.message-list.title":"Forum Discussion","archivedMessageTitle":"This Content Has Been Archived"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1741994290810":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1741994290810","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1740415735000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1741994388310":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1741994388310","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Community_Quicklinks-en-1741994388310":{"__typename":"CachedAsset","id":"component:custom.widget.Community_Quicklinks-en-1741994388310","value":{"component":{"id":"custom.widget.Community_Quicklinks","template":{"id":"Community_Quicklinks","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Community_Quicklinks","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1741994388310":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1741994388310","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1741994388310":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1741994388310","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1741994388310":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1741994388310","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1740415735000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1740415735000","value":{"messageMarkedAsSpam":"This post has been marked as spam","messageMarkedAsSpam@board:TKB":"This article has been marked as spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as abuse","preModCommentAuthorText":"This comment will be published as soon as it is approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived Content"},"localOverride":false},"CachedAsset:text:en_US-components/featured/content/FeaturedContentWidget-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/featured/content/FeaturedContentWidget-1740415735000","value":{"edit":"Edit Featured Content","title":"Featured Content","title@instance:iLVTsW":"Pinned Items","title@instance:featuredWidgets.widget.featuredContentWidget-1702666903735":"","title@instance:TZsNhL":"","title@instance:featuredWidgets.widget.featuredContentWidget-1702666556326":"","title@instance:featuredWidgets.widget.featuredContentWidget-1717525242793":"","title@instance:featuredWidgets.widget.featuredContentWidget-1705956211049":"","title@instance:featuredWidgets.widget.featuredContentWidget-1717525727595":"Pinned Items","title@instance:featuredWidgets.widget.featuredContentWidget-1728320145294":"Pinned Items","title@instance:featuredWidgets.widget.featuredContentWidget-1703882552800":""},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1740415735000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1704319314827":"Blog Feed","title@instance:1704317906837":"Content Feed","title@instance:1702668293472":"Community Feed","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"CachedAsset:text:en_US-components/messages/RelatedContentWidget-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/RelatedContentWidget-1740415735000","value":{"title":"Related Content","emptyDescription":"No content to show"},"localOverride":false},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","shortTitle":"Technical Articles","parent":{"__ref":"Category:category:Articles"},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}"},"description":"F5 SMEs share good practice.","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/"},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"TKB","displayId":"DevCentralNews","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"DevCentral News","shortTitle":"DevCentral News","parent":{"__ref":"Category:category:Articles"},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNi02aTlBNjU5MTlBODIzNDE3MDM\"}"},"description":"Wherein we talk amongst ourselves.","eventPath":"category:Articles/community:zihoc95639board:DevCentralNews/"},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"CATEGORY","displayId":"CrowdSRC","nodeType":"category","depth":1,"title":"CrowdSRC","shortTitle":"CrowdSRC"},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"entityType":"TKB","displayId":"codeshare","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"CodeShare","shortTitle":"CodeShare","parent":{"__ref":"Category:category:CrowdSRC"},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi04Ny0xOTQ1NWk4ODNCOUNEMkFDNDZCQjI0\"}"},"description":"Have some code. Share some code.","eventPath":"category:CrowdSRC/community:zihoc95639board:codeshare/"},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:340270":{"__typename":"Conversation","id":"conversation:340270","topic":{"__typename":"ForumTopicMessage","uid":340270},"lastPostingActivityTime":"2025-03-15T04:18:17.048-07:00","solved":false},"ForumTopicMessage:message:340270":{"__typename":"ForumTopicMessage","subject":"AS3 Limitations","conversation":{"__ref":"Conversation:conversation:340270"},"id":"message:340270","revisionNum":1,"uid":340270,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":138559,"login":"Anesh","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":21},"postTime":"2025-03-14T11:43:00.488-07:00","lastPublishTime":"2025-03-14T11:43:00.488-07:00","readOnly":false},"Conversation:conversation:340275":{"__typename":"Conversation","id":"conversation:340275","topic":{"__typename":"ForumTopicMessage","uid":340275},"lastPostingActivityTime":"2025-03-14T16:37:18.116-07:00","solved":false},"ForumTopicMessage:message:340275":{"__typename":"ForumTopicMessage","subject":"Diameter iRules attachment?","conversation":{"__ref":"Conversation:conversation:340275"},"id":"message:340275","revisionNum":1,"uid":340275,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":435330,"login":"symtexxd","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":8},"postTime":"2025-03-14T16:37:18.116-07:00","lastPublishTime":"2025-03-14T16:37:18.116-07:00","readOnly":false},"Conversation:conversation:340267":{"__typename":"Conversation","id":"conversation:340267","topic":{"__typename":"ForumTopicMessage","uid":340267},"lastPostingActivityTime":"2025-03-14T11:46:32.378-07:00","solved":false},"ForumTopicMessage:message:340267":{"__typename":"ForumTopicMessage","subject":"Help needed with iRule (connection closed log )","conversation":{"__ref":"Conversation:conversation:340267"},"id":"message:340267","revisionNum":1,"uid":340267,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":435325,"login":"Vicstick0810","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":30},"postTime":"2025-03-14T05:52:25.099-07:00","lastPublishTime":"2025-03-14T05:52:25.099-07:00","readOnly":false},"Conversation:conversation:340221":{"__typename":"Conversation","id":"conversation:340221","topic":{"__typename":"ForumTopicMessage","uid":340221},"lastPostingActivityTime":"2025-03-14T11:31:47.471-07:00","solved":false},"ForumTopicMessage:message:340221":{"__typename":"ForumTopicMessage","subject":"Use of SSL Decryption.","conversation":{"__ref":"Conversation:conversation:340221"},"id":"message:340221","revisionNum":1,"uid":340221,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":40101,"login":"RockBD","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":40},"postTime":"2025-03-11T11:21:58.024-07:00","lastPublishTime":"2025-03-11T11:21:58.024-07:00","readOnly":false},"Conversation:conversation:340194":{"__typename":"Conversation","id":"conversation:340194","topic":{"__typename":"ForumTopicMessage","uid":340194},"lastPostingActivityTime":"2025-03-14T06:18:56.934-07:00","solved":false},"ForumTopicMessage:message:340194":{"__typename":"ForumTopicMessage","subject":"VLAN Failsafe Functionality","conversation":{"__ref":"Conversation:conversation:340194"},"id":"message:340194","revisionNum":1,"uid":340194,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__typename":"User","uid":435257,"login":"Excel","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false},"metrics":{"__typename":"MessageMetrics","views":31},"postTime":"2025-03-09T05:15:59.568-07:00","lastPublishTime":"2025-03-09T05:15:59.568-07:00","readOnly":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjktRWl0NU5q\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMjktRWl0NU5q","height":24,"width":21,"mimeType":"image/png"},"Rank:rank:29":{"__typename":"Rank","id":"rank:29","position":6,"name":"MVP","color":"7CC0EB","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjktRWl0NU5q\"}"},"rankStyle":"FILLED"},"User:user:126518":{"__typename":"User","id":"user:126518","uid":126518,"login":"Juergen_Mang","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2020-07-03T02:41:18.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xMjY1MTgtbDFwdUZs?image-coordinates=19%2C0%2C1004%2C984"},"rank":{"__ref":"Rank:rank:29"},"messagesCount":279,"kudosGivenCount":52,"kudosReceivedCount":160,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":20,"entityType":"USER","eventPath":"community:zihoc95639/user:126518"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi04Ny0xOTQ1NWk4ODNCOUNEMkFDNDZCQjI0\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi04Ny0xOTQ1NWk4ODNCOUNEMkFDNDZCQjI0","mimeType":"image/png"},"TkbTopicMessage:message:326671":{"__typename":"TkbTopicMessage","uid":326671,"subject":"POC: Validate JWT with iRule","id":"message:326671","revisionNum":4,"repliesCount":2,"author":{"__ref":"User:user:126518"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:codeshare"},"conversation":{"__ref":"Conversation:conversation:326671"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:326671"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2024-01-09T02:29:58.730-08:00","lastPublishTime":"2024-01-19T00:16:32.340-08:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":573},"placeholder":false,"originalMessageForPlaceholder":null,"entityType":"TKB_ARTICLE","eventPath":"category:CrowdSRC/community:zihoc95639board:codeshare/message:326671"},"Conversation:conversation:326671":{"__typename":"Conversation","id":"conversation:326671","solved":false,"topic":{"__ref":"TkbTopicMessage:message:326671"},"lastPostingActivityTime":"2024-01-19T00:16:32.340-08:00","lastPostTime":"2024-01-18T09:26:22.294-08:00"},"ModerationData:moderation_data:326671":{"__typename":"ModerationData","id":"moderation_data:326671","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:326671":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:326671","relatedMessage":{"__ref":"TkbTopicMessage:message:326671"}},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjgtQ3U0RXo2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMjgtQ3U0RXo2","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:28":{"__typename":"Rank","id":"rank:28","position":5,"name":"Employee","color":"C20025","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMjgtQ3U0RXo2\"}"},"rankStyle":"OUTLINE"},"User:user:130391":{"__typename":"User","id":"user:130391","uid":130391,"login":"Kevin_Stewart","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2006-03-16T00:00:00.000-08:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xMzAzOTEtelZmemp2?image-coordinates=0%2C0%2C500%2C500"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":5756,"kudosGivenCount":0,"kudosReceivedCount":162,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":29,"entityType":"USER","eventPath":"community:zihoc95639/user:130391"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy","mimeType":"image/png"},"TkbTopicMessage:message:328935":{"__typename":"TkbTopicMessage","uid":328935,"subject":"Automating ACMEv2 Certificate Management on BIG-IP","id":"message:328935","revisionNum":6,"repliesCount":13,"author":{"__ref":"User:user:130391"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:328935"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:328935"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":" While we often associate and confuse Let's Encrypt with ACMEv2, the former is ultimately a consumer of the latter. The \"Automated Certificate Management Environment\" (ACME) protocol describes a syste...","postTime":"2024-04-17T05:00:00.037-07:00","lastPublishTime":"2024-04-17T05:00:00.037-07:00","readOnly":false,"introduction":"While we often associate and confuse Let's Encrypt with ACMEv2, the former is ultimately a consumer of the latter. The \"Automated Certificate Management Environment\" (ACME) protocol describes a system for automating the renewal of PKI certificates. The ACME protocol can be used with public services like Let's Encrypt, but also with internal certificate management services. In this article we explore the more generic support of ACME (version 2) on the F5 BIG-IP.","metrics":{"__typename":"MessageMetrics","views":5145},"placeholder":false,"originalMessageForPlaceholder":null,"entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:328935"},"Conversation:conversation:328935":{"__typename":"Conversation","id":"conversation:328935","solved":false,"topic":{"__ref":"TkbTopicMessage:message:328935"},"lastPostingActivityTime":"2025-02-17T09:49:47.019-08:00","lastPostTime":"2025-02-17T09:49:47.019-08:00"},"ModerationData:moderation_data:328935":{"__typename":"ModerationData","id":"moderation_data:328935","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:328935":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:328935","relatedMessage":{"__ref":"TkbTopicMessage:message:328935"}},"User:user:322278":{"__typename":"User","id":"user:322278","uid":322278,"login":"PeteWhite","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2019-05-16T04:49:31.000-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-5.svg?time=0"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":832,"kudosGivenCount":14,"kudosReceivedCount":101,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":29,"entityType":"USER","eventPath":"community:zihoc95639/user:322278"},"TkbTopicMessage:message:284913":{"__typename":"TkbTopicMessage","uid":284913,"subject":"X509 Subject Formatting","id":"message:284913","revisionNum":1,"repliesCount":15,"author":{"__ref":"User:user:322278"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:codeshare"},"conversation":{"__ref":"Conversation:conversation:284913"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:284913"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2019-10-18T05:09:53.000-07:00","lastPublishTime":"2019-10-18T05:09:53.000-07:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":1745},"placeholder":false,"originalMessageForPlaceholder":null,"entityType":"TKB_ARTICLE","eventPath":"category:CrowdSRC/community:zihoc95639board:codeshare/message:284913"},"Conversation:conversation:284913":{"__typename":"Conversation","id":"conversation:284913","solved":false,"topic":{"__ref":"TkbTopicMessage:message:284913"},"lastPostingActivityTime":"2020-02-24T05:35:31.000-08:00","lastPostTime":"2020-02-24T05:35:31.000-08:00"},"ModerationData:moderation_data:284913":{"__typename":"ModerationData","id":"moderation_data:284913","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:284913":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:284913","relatedMessage":{"__ref":"TkbTopicMessage:message:284913"}},"User:user:419489":{"__typename":"User","id":"user:419489","uid":419489,"login":"HeidiSchreifels","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2022-07-15T10:09:37.046-07:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTk0ODktMjQ4MDNpQkJCNDk5OUIzQkQ5NkNFNQ"},"rank":{"__ref":"Rank:rank:28"},"messagesCount":17,"kudosGivenCount":24,"kudosReceivedCount":28,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":1,"entityType":"USER","eventPath":"community:zihoc95639/user:419489"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNi02aTlBNjU5MTlBODIzNDE3MDM\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNi02aTlBNjU5MTlBODIzNDE3MDM","mimeType":"image/png"},"TkbTopicMessage:message:339247":{"__typename":"TkbTopicMessage","uid":339247,"subject":"Help F5 Transform the BIG-IP Administrator Certification","id":"message:339247","revisionNum":12,"repliesCount":0,"author":{"__ref":"User:user:419489"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:DevCentralNews"},"conversation":{"__ref":"Conversation:conversation:339247"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:339247"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2025-01-23T11:33:49.509-08:00","lastPublishTime":"2025-01-23T11:33:49.509-08:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":438},"placeholder":false,"originalMessageForPlaceholder":null,"entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:DevCentralNews/message:339247"},"Conversation:conversation:339247":{"__typename":"Conversation","id":"conversation:339247","solved":false,"topic":{"__ref":"TkbTopicMessage:message:339247"},"lastPostingActivityTime":"2025-01-23T11:33:49.509-08:00","lastPostTime":"2025-01-23T11:33:49.509-08:00"},"ModerationData:moderation_data:339247":{"__typename":"ModerationData","id":"moderation_data:339247","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:339247":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:339247","relatedMessage":{"__ref":"TkbTopicMessage:message:339247"}},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMS01bkFrOTY\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMS01bkFrOTY","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:1":{"__typename":"Rank","id":"rank:1","position":0,"name":"Admin","color":"C20025","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMS01bkFrOTY\"}"},"rankStyle":"FILLED"},"User:user:51154":{"__typename":"User","id":"user:51154","uid":51154,"login":"JRahm","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2005-01-20T00:00:00.000-08:00","confirmEmailStatus":null,"registrationAccessLevel":null,"ssoRegistrationFields":[]},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01MTE1NC1uYzdSVFk?image-coordinates=0%2C0%2C1067%2C1067"},"rank":{"__ref":"Rank:rank:1"},"messagesCount":4625,"kudosGivenCount":828,"kudosReceivedCount":1053,"kudosWeight":1,"ssoId":null,"followersCount":null,"solutionsCount":91,"entityType":"USER","eventPath":"community:zihoc95639/user:51154"},"TkbTopicMessage:message:293783":{"__typename":"TkbTopicMessage","uid":293783,"subject":"Automate Let's Encrypt Certificates on BIG-IP","id":"message:293783","revisionNum":3,"repliesCount":18,"author":{"__ref":"User:user:51154"},"depth":0,"hasGivenKudo":false,"helpful":null,"board":{"__ref":"Tkb:board:TechnicalArticles"},"conversation":{"__ref":"Conversation:conversation:293783"},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"shortScheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false}},"moderationData":{"__ref":"ModerationData:moderation_data:293783"},"teaser@stripHtml({\"removeProcessingText\":false,\"truncateLength\":200})":"","postTime":"2022-03-30T09:00:00.032-07:00","lastPublishTime":"2022-03-31T13:33:09.302-07:00","readOnly":false,"introduction":"","metrics":{"__typename":"MessageMetrics","views":24218},"placeholder":false,"originalMessageForPlaceholder":null,"entityType":"TKB_ARTICLE","eventPath":"category:Articles/community:zihoc95639board:TechnicalArticles/message:293783"},"Conversation:conversation:293783":{"__typename":"Conversation","id":"conversation:293783","solved":false,"topic":{"__ref":"TkbTopicMessage:message:293783"},"lastPostingActivityTime":"2023-09-13T14:23:10.184-07:00","lastPostTime":"2023-09-13T14:23:10.184-07:00"},"ModerationData:moderation_data:293783":{"__typename":"ModerationData","id":"moderation_data:293783","status":"APPROVED","rejectReason":null},"RelatedContentMessage:RelatedContentMessage:293783":{"__typename":"RelatedContentMessage","id":"RelatedContentMessage:293783","relatedMessage":{"__ref":"TkbTopicMessage:message:293783"}},"QueryVariables:TopicReplyList:message:187254:1":{"__typename":"QueryVariables","id":"TopicReplyList:message:187254:1","value":{"id":"message:187254","first":10,"after":"MjQuMTJ8Mi4xfGl8MTB8Mzk6MXxpbnQsMTg3MjU1LDE4NzI2NA","sorts":{"postTime":{"direction":"ASC"}},"repliesFirst":3,"repliesFirstDepthThree":1,"repliesSorts":{"postTime":{"direction":"ASC"}},"useAvatar":true,"useAuthorLogin":true,"useAuthorRank":true,"useBody":true,"useKudosCount":true,"useTimeToRead":false,"useMedia":false,"useReadOnlyIcon":false,"useRepliesCount":true,"useSearchSnippet":false,"useAcceptedSolutionButton":true,"useSolvedBadge":false,"useAttachments":false,"attachmentsFirst":5,"useTags":true,"useNodeAncestors":false,"useUserHoverCard":false,"useNodeHoverCard":false,"useModerationStatus":true,"usePreviewSubjectModal":false,"useMessageStatus":true}},"ROOT_MUTATION":{"__typename":"Mutation"},"CachedAsset:text:en_US-components/community/Navbar-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1740415735000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1740415735000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1740415735000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1740415735000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1740415735000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1740415735000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1740415735000","value":{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solved","movedMessagePlaceholder.BLOG":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.TKB":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.FORUM":"{count, plural, =0 {This reply has been} other {These replies have been} }","movedMessagePlaceholder.IDEA":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.OCCASION":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholderUrlText":"moved.","messageStatus":"Status: ","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added: {status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/ThreadedReplyList-1740415735000","value":{"title":"{count, plural, one{# Reply} other{# Replies}}","title@board:BLOG":"{count, plural, one{# Comment} other{# Comments}}","title@board:TKB":"{count, plural, one{# Comment} other{# Comments}}","title@board:IDEA":"{count, plural, one{# Comment} other{# Comments}}","title@board:OCCASION":"{count, plural, one{# Comment} other{# Comments}}","noRepliesTitle":"No Replies","noRepliesTitle@board:BLOG":"No Comments","noRepliesTitle@board:TKB":"No Comments","noRepliesTitle@board:IDEA":"No Comments","noRepliesTitle@board:OCCASION":"No Comments","noRepliesDescription":"Be the first to reply","noRepliesDescription@board:BLOG":"Be the first to comment","noRepliesDescription@board:TKB":"Be the first to comment","noRepliesDescription@board:IDEA":"Be the first to comment","noRepliesDescription@board:OCCASION":"Be the first to comment","messageReadOnlyAlert:BLOG":"Comments have been turned off for this post","messageReadOnlyAlert:TKB":"Comments have been turned off for this article","messageReadOnlyAlert:IDEA":"Comments have been turned off for this idea","messageReadOnlyAlert:FORUM":"Replies have been turned off for this discussion","messageReadOnlyAlert:OCCASION":"Comments have been turned off for this event"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1740415735000","value":{"leaveReply":"Leave a reply...","leaveReply@board:BLOG@message:root":"Leave a comment...","leaveReply@board:TKB@message:root":"Leave a comment...","leaveReply@board:IDEA@message:root":"Leave a comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking me!"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1740415735000","value":{"title":"Query Handler"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMzctMmdkZklv\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/cmstMzctMmdkZklv","height":0,"width":0,"mimeType":"image/svg+xml"},"Rank:rank:37":{"__typename":"Rank","id":"rank:37","position":14,"name":"Cirrostratus","color":"CCCCCC","icon":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/cmstMzctMmdkZklv\"}"},"rankStyle":"FILLED"},"User:user:29768":{"__typename":"User","id":"user:29768","uid":29768,"login":"hoolio","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2005-09-08T01:00:00.000-07:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-7.svg?time=0"},"rank":{"__ref":"Rank:rank:37"},"entityType":"USER","eventPath":"community:zihoc95639/user:29768"},"ModerationData:moderation_data:187265":{"__typename":"ModerationData","id":"moderation_data:187265","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187265":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:29768"},"id":"message:187265","revisionNum":1,"uid":187265,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187265"},"body":"Nice work Nitass.

\n

 

\n

 

Maxim, I think it's still important to escalate this to Support as X509::subject should return a null string if the subject in the cert is null or can't be parsed. And even if it does generate a runtime TCL error, that should trigger a reset of the TCP connection. So it's important for us to get the issue fixed.

\n

 

\n

 

Aaron","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"213","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-11-17T08:44:51.000-08:00","lastPublishTime":"2011-11-17T08:44:51.000-08:00","metrics":{"__typename":"MessageMetrics","views":740},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187265","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"readOnly":false,"editFrozen":false,"body@stringLength":"431","rawBody":"Nice work Nitass.

\n

 

\n

 

Maxim, I think it's still important to escalate this to Support as X509::subject should return a null string if the subject in the cert is null or can't be parsed. And even if it does generate a runtime TCL error, that should trigger a reset of the TCP connection. So it's important for us to get the issue fixed.

\n

 

\n

 

Aaron","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:187265_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"User:user:277508":{"__typename":"User","id":"user:277508","uid":277508,"login":"nitass","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2010-02-03T00:00:00.000-08:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNzc1MDgtRnhMUEtI?image-coordinates=0%2C447%2C1536%2C1983"},"rank":{"__ref":"Rank:rank:28"},"entityType":"USER","eventPath":"community:zihoc95639/user:277508"},"ModerationData:moderation_data:187266":{"__typename":"ModerationData","id":"moderation_data:187266","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187266":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:277508"},"id":"message:187266","revisionNum":1,"uid":187266,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187266"},"body":"Aaron,

\n

 

\n

 

thanks! i agree with you. this could be escalated and get fixed.","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"96","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-11-17T08:48:14.000-08:00","lastPublishTime":"2011-11-17T08:48:14.000-08:00","metrics":{"__typename":"MessageMetrics","views":740},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187266","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"readOnly":false,"editFrozen":false,"body@stringLength":"116","rawBody":"Aaron,

\n

 

\n

 

thanks! i agree with you. this could be escalated and get fixed.","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":{"__typename":"AttachmentConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:187266_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"ModerationData:moderation_data:187267":{"__typename":"ModerationData","id":"moderation_data:187267","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187267":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:154146"},"id":"message:187267","revisionNum":1,"uid":187267,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187267"},"body":"Thanks for the test Nitass.

\n

 

\n

 

I opened a case with F5 (F5 Case No. C998774). As usual they warned me that support is very limited but that they will log the case and see what the engineers will say. I will keep you posted.","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"213","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-11-17T09:31:16.000-08:00","lastPublishTime":"2011-11-17T09:31:16.000-08:00","metrics":{"__typename":"MessageMetrics","views":741},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187267","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"readOnly":false,"editFrozen":false,"body@stringLength":"265","rawBody":"Thanks for the test Nitass.

\n

 

\n

 

I opened a case with F5 (F5 Case No. C998774). As usual they warned me that support is very limited but that they will log the case and see what the engineers will say. I will keep you posted.","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:187267_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"ModerationData:moderation_data:187268":{"__typename":"ModerationData","id":"moderation_data:187268","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187268":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:154146"},"id":"message:187268","revisionNum":1,"uid":187268,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187268"},"body":"Hoolio, nitass, this is what F5 Engineering Services delivered as a workaround but I can't make it compile yet, I am still tryng to figure out the logic:

\n

 

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

if {[SSL::cert count] > 0}{

\n

 

set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"

\n

 

log local0. \"$allfield\"

\n

 

if { $allfield contains \"SSLClientCertSubject\" } {

\n

 

log local0. \"matched SSLClientCertSubject\"

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

} else {

\n

 

log local0. \"not matched SSLClientCertSubject\"

\n

 

set subject_dn \"\"

\n

 

}

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if {$subject_dn eq \"\"} {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

} elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

} else {

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

\n

 

}

\n

 

\n

 

Can you see a sytax error anywhere or is it the logic that is flawed?","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"213","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-11-18T11:26:01.000-08:00","lastPublishTime":"2011-11-18T11:26:01.000-08:00","metrics":{"__typename":"MessageMetrics","views":740},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187268","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"readOnly":false,"editFrozen":false,"body@stringLength":"1670","rawBody":"Hoolio, nitass, this is what F5 Engineering Services delivered as a workaround but I can't make it compile yet, I am still tryng to figure out the logic:

\n

 

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

if {[SSL::cert count] > 0}{

\n

 

set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"

\n

 

log local0. \"$allfield\"

\n

 

if { $allfield contains \"SSLClientCertSubject\" } {

\n

 

log local0. \"matched SSLClientCertSubject\"

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

} else {

\n

 

log local0. \"not matched SSLClientCertSubject\"

\n

 

set subject_dn \"\"

\n

 

}

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if {$subject_dn eq \"\"} {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

} elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

} else {

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

\n

 

}

\n

 

\n

 

Can you see a sytax error anywhere or is it the logic that is flawed?","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":{"__typename":"AttachmentConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:187268_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"Rank:rank:47":{"__typename":"Rank","id":"rank:47","position":3,"name":"Historic F5 Account","color":"949494","icon":null,"rankStyle":"OUTLINE"},"User:user:24427":{"__typename":"User","id":"user:24427","uid":24427,"login":"spark_86682","biography":null,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2006-08-11T01:00:00.000-07:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-5.svg?time=0"},"rank":{"__ref":"Rank:rank:47"},"entityType":"USER","eventPath":"community:zihoc95639/user:24427"},"ModerationData:moderation_data:187269":{"__typename":"ModerationData","id":"moderation_data:187269","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187269":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:24427"},"id":"message:187269","revisionNum":1,"uid":187269,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187269"},"body":"You should continue with your support case, but if you urgently need a workaround, your best bet is likely to use the catch command to detect if the X509:: command errors out, and handle the error via the iRule.","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-11-28T11:16:13.000-08:00","lastPublishTime":"2011-11-28T11:16:13.000-08:00","metrics":{"__typename":"MessageMetrics","views":741},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187269","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[],"readOnly":false,"editFrozen":false,"body@stringLength":"211","rawBody":"You should continue with your support case, but if you urgently need a workaround, your best bet is likely to use the catch command to detect if the X509:: command errors out, and handle the error via the iRule.","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:187269_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"ModerationData:moderation_data:187270":{"__typename":"ModerationData","id":"moderation_data:187270","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187270":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:277508"},"id":"message:187270","revisionNum":2,"uid":187270,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187270"},"body":"hi Maxim,

\n

\n

sorry i missed your message. i tested Engineering Service's irule and it seemed to be okay too.

\n

\n

[root@ve1023:Active] iRuleTest  b virtual bar list\nvirtual bar {\n   snat automap\n   pool foo\n   destination 172.28.19.79:443\n   ip protocol 6\n   rules myrule\n   profiles {\n      http {}\n      myclientssl {\n         clientside\n      }\n      tcp {}\n   }\n}\n[root@ve1023:Active] iRuleTest  b profile myclientssl list\nprofile clientssl myclientssl {\n   defaults from clientssl\n   ca file \"clientblank_ca.crt\"\n   peer cert mode require\n}\n[root@ve1023:Active] iRuleTest  b rule myrule list\nrule myrule {\n   when CLIENTSSL_CLIENTCERT {\n        if {[SSL::cert count] > 0}{\n                set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"\n                log local0. \"$allfield\"\n                if { $allfield contains \"SSLClientCertSubject\" } {\n                        log local0. \"matched SSLClientCertSubject\"\n                        set subject_dn [X509::subject [SSL::cert 0]]\n                } else {\n                        log local0. \"not matched SSLClientCertSubject\"\n                        set subject_dn \"\"\n                }\n                log local0. \"Client Certificate Received: $subject_dn\"\n                if {$subject_dn eq \"\"} {\n                        log local0. \"Client Certificate with blank subject was detected\"\n                        reject\n                } elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {\n                        log local0. \"Client Certificate Accepted: $subject_dn\"\n                } else {\n                        log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"\n                        reject\n                }\n        }\n}\n}\n\n[root@ve1023:Active] iRuleTest  curl -ik https://172.28.19.79 --cert ./clientblank.crt --key ./clientblank.key\ncurl: (55) SSL_write() returned SYSCALL, errno = 104\n\n[root@ve1023:Active] iRuleTest  \nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : SSLClientCertStatus OK SSLClientCertIssuer {CN=Cartus Enrolment CA,DC=production,DC=cendantmobility,DC=net} SSLClientCertSignatureAlgorithm sha1WithRSAEncryption SSLClientCertNotValidBefore {Oct 23 20:55:00 2011 GMT} SSLClientCertNotValidAfter {Oct 22 20:55:00 2012 GMT} SSLClientCertHash e6:44:7e:d2:5e:6b:be:a0:e8:45:53:d2:17:0a:2d:ac\nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : not matched SSLClientCertSubject\nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : Client Certificate Received:\nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : Client Certificate with blank subject was detected\n\n
","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-11-28T19:20:53.000-08:00","lastPublishTime":"2023-06-05T06:30:56.147-07:00","metrics":{"__typename":"MessageMetrics","views":740},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187270","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"readOnly":false,"editFrozen":false,"body@stringLength":"2753","rawBody":"hi Maxim,

\n

\n

sorry i missed your message. i tested Engineering Service's irule and it seemed to be okay too.

\n

\n

[root@ve1023:Active] iRuleTest b virtual bar list\nvirtual bar {\n snat automap\n pool foo\n destination 172.28.19.79:443\n ip protocol 6\n rules myrule\n profiles {\n http {}\n myclientssl {\n clientside\n }\n tcp {}\n }\n}\n[root@ve1023:Active] iRuleTest b profile myclientssl list\nprofile clientssl myclientssl {\n defaults from clientssl\n ca file \"clientblank_ca.crt\"\n peer cert mode require\n}\n[root@ve1023:Active] iRuleTest b rule myrule list\nrule myrule {\n when CLIENTSSL_CLIENTCERT {\n if {[SSL::cert count] > 0}{\n set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"\n log local0. \"$allfield\"\n if { $allfield contains \"SSLClientCertSubject\" } {\n log local0. \"matched SSLClientCertSubject\"\n set subject_dn [X509::subject [SSL::cert 0]]\n } else {\n log local0. \"not matched SSLClientCertSubject\"\n set subject_dn \"\"\n }\n log local0. \"Client Certificate Received: $subject_dn\"\n if {$subject_dn eq \"\"} {\n log local0. \"Client Certificate with blank subject was detected\"\n reject\n } elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {\n log local0. \"Client Certificate Accepted: $subject_dn\"\n } else {\n log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"\n reject\n }\n }\n}\n}\n\n[root@ve1023:Active] iRuleTest curl -ik https://172.28.19.79 --cert ./clientblank.crt --key ./clientblank.key\ncurl: (55) SSL_write() returned SYSCALL, errno = 104\n\n[root@ve1023:Active] iRuleTest \nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : SSLClientCertStatus OK SSLClientCertIssuer {CN=Cartus Enrolment CA,DC=production,DC=cendantmobility,DC=net} SSLClientCertSignatureAlgorithm sha1WithRSAEncryption SSLClientCertNotValidBefore {Oct 23 20:55:00 2011 GMT} SSLClientCertNotValidAfter {Oct 22 20:55:00 2012 GMT} SSLClientCertHash e6:44:7e:d2:5e:6b:be:a0:e8:45:53:d2:17:0a:2d:ac\nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : not matched SSLClientCertSubject\nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : Client Certificate Received:\nNov 28 20:22:26 local/tmm info tmm[23027]: Rule myrule : Client Certificate with blank subject was detected\n\n","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"timeToRead":2,"currentRevision":{"__ref":"Revision:revision:187270_2"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"ModerationData:moderation_data:187271":{"__typename":"ModerationData","id":"moderation_data:187271","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187271":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:154146"},"id":"message:187271","revisionNum":1,"uid":187271,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187271"},"body":"Thank you nitass. Sorry for the delayed response but I was away for almost two weeks. Your latest update to the iRule works as desired. This solves my problem. I still don't know why Rule 1 below will not compile and Rule 2, the latest one in the above thread, compiles fine. I looked at them character by character and I still cannot see the difference, it has to be some space or special character somewhere that confuses the compiler as when it fails to compile, it fails with a long thread of error, which are usually indicative of a missing brace or bracket where the logic of the rule is completely incomprehensible to the compiler. Regardless the second rule works fine and that makes me happy.

\n

 

\n

 

I also closed the F5 support case. Their last statement was that the DevCentral workaround should be the fix and that if I want to avoid the TCL bug and make my original rule work, I need to go to BIG-IP OS 10.2.1. I cannot do that at the present but I plan to do so in not so distant future.

\n

 

\n

 

Thank you again for your timely and professional support. Regards, Maxim

\n

 

\n

 

RULE 1

\n

 

---------------------------------------

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

if {[SSL::cert count] > 0}{

\n

 

set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"

\n

 

log local0. \"$allfield\"

\n

 

if { $allfield contains \"SSLClientCertSubject\" } {

\n

 

log local0. \"matched SSLClientCertSubject\"

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

}else{

\n

 

log local0. \"not matched SSLClientCertSubject\"

\n

 

set subject_dn \"\"

\n

 

}

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if {$subject_dn eq \"\"} {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

}elseif{[matchclass $subject_dn contains ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

}else{

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

\n

 

}

\n

 

\n

 

\n

 

RULE 2

\n

 

---------------------------------------

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

if {[SSL::cert count] > 0}{

\n

 

set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"

\n

 

log local0. \"$allfield\"

\n

 

if { $allfield contains \"SSLClientCertSubject\" } {

\n

 

log local0. \"matched SSLClientCertSubject\"

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

} else {

\n

 

log local0. \"not matched SSLClientCertSubject\"

\n

 

set subject_dn \"\"}

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if {$subject_dn eq \"\"} {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

} elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

} else {

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

\n

 

}

 

","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"203","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-12-03T13:27:28.000-08:00","lastPublishTime":"2011-12-03T13:27:28.000-08:00","metrics":{"__typename":"MessageMetrics","views":740},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187271","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"readOnly":false,"editFrozen":false,"body@stringLength":"4139","rawBody":"Thank you nitass. Sorry for the delayed response but I was away for almost two weeks. Your latest update to the iRule works as desired. This solves my problem. I still don't know why Rule 1 below will not compile and Rule 2, the latest one in the above thread, compiles fine. I looked at them character by character and I still cannot see the difference, it has to be some space or special character somewhere that confuses the compiler as when it fails to compile, it fails with a long thread of error, which are usually indicative of a missing brace or bracket where the logic of the rule is completely incomprehensible to the compiler. Regardless the second rule works fine and that makes me happy.

\n

 

\n

 

I also closed the F5 support case. Their last statement was that the DevCentral workaround should be the fix and that if I want to avoid the TCL bug and make my original rule work, I need to go to BIG-IP OS 10.2.1. I cannot do that at the present but I plan to do so in not so distant future.

\n

 

\n

 

Thank you again for your timely and professional support. Regards, Maxim

\n

 

\n

 

RULE 1

\n

 

---------------------------------------

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

if {[SSL::cert count] > 0}{

\n

 

set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"

\n

 

log local0. \"$allfield\"

\n

 

if { $allfield contains \"SSLClientCertSubject\" } {

\n

 

log local0. \"matched SSLClientCertSubject\"

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

}else{

\n

 

log local0. \"not matched SSLClientCertSubject\"

\n

 

set subject_dn \"\"

\n

 

}

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if {$subject_dn eq \"\"} {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

}elseif{[matchclass $subject_dn contains ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

}else{

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

\n

 

}

\n

 

\n

 

\n

 

RULE 2

\n

 

---------------------------------------

\n

 

when CLIENTSSL_CLIENTCERT {

\n

 

if {[SSL::cert count] > 0}{

\n

 

set allfield \"[X509::cert_fields [SSL::cert 0] [SSL::verify_result] issuer subject sigalg validity hash]\"

\n

 

log local0. \"$allfield\"

\n

 

if { $allfield contains \"SSLClientCertSubject\" } {

\n

 

log local0. \"matched SSLClientCertSubject\"

\n

 

set subject_dn [X509::subject [SSL::cert 0]]

\n

 

} else {

\n

 

log local0. \"not matched SSLClientCertSubject\"

\n

 

set subject_dn \"\"}

\n

 

log local0. \"Client Certificate Received: $subject_dn\"

\n

 

if {$subject_dn eq \"\"} {

\n

 

log local0. \"Client Certificate with blank subject was detected\"

\n

 

reject

\n

 

} elseif {[matchclass $subject_dn contains ebilling_accepted_certs]} {

\n

 

log local0. \"Client Certificate Accepted: $subject_dn\"

\n

 

} else {

\n

 

log local0. \"Unauthorized Client Certificate was detected: $subject_dn\"

\n

 

reject

\n

 

}

\n

 

}

\n

 

}

 

","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"timeToRead":2,"currentRevision":{"__ref":"Revision:revision:187271_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"ModerationData:moderation_data:187272":{"__typename":"ModerationData","id":"moderation_data:187272","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"ForumReplyMessage:message:187272":{"__typename":"ForumReplyMessage","author":{"__ref":"User:user:277508"},"id":"message:187272","revisionNum":1,"uid":187272,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:TechnicalForum"},"parent":{"__ref":"ForumTopicMessage:message:187254"},"conversation":{"__ref":"Conversation:conversation:187254"},"subject":"Re: Client Certificate Validation by Subject","moderationData":{"__ref":"ModerationData:moderation_data:187272"},"body":"you are welcome. :-)","body@stripHtml({\"removeProcessingText\":false,\"removeSpoilerMarkup\":false,\"removeTocMarkup\":false,\"truncateLength\":200})@stringLength":"20","kudosSumWeight":0,"repliesCount":0,"postTime":"2011-12-04T00:05:50.000-08:00","lastPublishTime":"2011-12-04T00:05:50.000-08:00","metrics":{"__typename":"MessageMetrics","views":741},"visibilityScope":"PUBLIC","placeholder":false,"originalMessageForPlaceholder":null,"isEscalated":null,"solution":false,"entityType":"FORUM_REPLY","eventPath":"category:Forums/community:zihoc95639board:TechnicalForum/message:187254/message:187272","replies":{"__typename":"MessageConnection","pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":[]},"customFields":[],"attachments":{"__typename":"AttachmentConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"readOnly":false,"editFrozen":false,"body@stringLength":"20","rawBody":"you are welcome. :-)","images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"timeToRead":1,"currentRevision":{"__ref":"Revision:revision:187272_1"},"latestVersion":null,"messagePolicies":{"__typename":"MessagePolicies","canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}}},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1740415735000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/EscalatedMessageBanner-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/EscalatedMessageBanner-1740415735000","value":{"escalationMessage":"Escalated to Salesforce by {username} on {date}","viewDetails":"View Details","modalTitle":"Case Details","escalatedBy":"Escalated by: ","escalatedOn":"Escalated on: ","caseNumber":"Case Number: ","status":"Status: ","lastUpdateDate":"Last Update: ","automaticEscalation":"automatic escalation","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1740415735000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1740415735000","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1740415735000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSolvedBadge-1740415735000","value":{"solved":"Solved"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1740415735000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1740415735000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1740415735000","value":{"CustomField.default.label":"Value of {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1740415735000","value":{"repliesCount":"{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:root":"Comment","title@board:OCCASION@message:root":"Comment"},"localOverride":false},"CachedAsset:text:en_US-components/messages/AcceptedSolutionButton-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/AcceptedSolutionButton-1740415735000","value":{"accept":"Mark as Solution","accepted":"Marked as Solution","errorHeader":"Error!","errorAdd":"There was an error marking as solution.","errorRemove":"There was an error unmarking as solution.","solved":"Solved","topicAlreadySolvedErrorTitle":"Solution Already Exists","topicAlreadySolvedErrorDesc":"Refresh the browser to view the existing solution"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1740415735000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1740415735000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1740415735000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"Revision:revision:187266_1":{"__typename":"Revision","id":"revision:187266_1","lastEditTime":"2011-11-17T08:48:14.000-08:00"},"Revision:revision:187268_1":{"__typename":"Revision","id":"revision:187268_1","lastEditTime":"2011-11-18T11:26:01.000-08:00"},"Revision:revision:187265_1":{"__typename":"Revision","id":"revision:187265_1","lastEditTime":"2011-11-17T08:44:51.000-08:00"},"Revision:revision:187267_1":{"__typename":"Revision","id":"revision:187267_1","lastEditTime":"2011-11-17T09:31:16.000-08:00"},"Revision:revision:187271_1":{"__typename":"Revision","id":"revision:187271_1","lastEditTime":"2011-12-03T13:27:28.000-08:00"},"Revision:revision:187270_2":{"__typename":"Revision","id":"revision:187270_2","lastEditTime":"2023-06-05T06:30:56.147-07:00"},"Revision:revision:187269_1":{"__typename":"Revision","id":"revision:187269_1","lastEditTime":"2011-11-28T11:16:13.000-08:00"},"Revision:revision:187272_1":{"__typename":"Revision","id":"revision:187272_1","lastEditTime":"2011-12-04T00:05:50.000-08:00"},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1740415735000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1740415735000","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1740415735000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1740415735000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1740415735000","value":{"tagLabelName":"Tag name {tagName}"},"localOverride":false}}}},"page":"/forums/ForumMessagePage/ForumMessagePage","query":{"after":"MjQuMTJ8Mi4xfGl8MTB8Mzk6MXxpbnQsMTg3MjU1LDE4NzI2NA","boardId":"technicalforum","messageSubject":"client-certificate-validation-by-subject","messageId":"187254"},"buildId":"G6LFdF6Y8sb5g8rZyM3sC","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"25.2.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/seo/QAPageSchema/QAPageSchema.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/messages/TopicWithThreadedReplyListWidget/TopicWithThreadedReplyListWidget.tsx","./components/featured/content/FeaturedContentWidget/FeaturedContentWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/messages/RelatedContentWidget/RelatedContentWidget.tsx","./components/messages/MessageView/MessageViewStandard/MessageViewStandard.tsx","./components/messages/ThreadedReplyList/ThreadedReplyList.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx","../shared/client/components/common/List/UnstyledList/UnstyledList.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx","./components/customComponent/CustomComponentContent/HtmlContent.tsx","./components/customComponent/CustomComponentContent/CustomComponentScripts.tsx","../shared/client/components/common/List/UnwrappedList/UnwrappedList.tsx","./components/tags/TagView/TagView.tsx","./components/tags/TagView/TagViewChip/TagViewChip.tsx"],"appGip":true,"scriptLoader":[]}