Forum Discussion
Client SSL authentication info needs to be sent to the back-end server in an HTTP header?
Can anyone guide me here?
I have a requirement to send the headers below to the back-end servers as HTTP headers.
I am creating the client profile for client authentication with the Request method.
On the server side I am not using any SSL profile, only plain HTTP.
The two headers below need to be inserted:
X-SSL-Client-CN: xxxxxx.com
X-SSL-Client-SHA1: c46bee94a8514d531f7385f95e53d96471e1f293
The iRule below is not giving the expected results. I think the header names need to change; please correct it if anyone has an idea.
when CLIENTSSL_CLIENTCERT priority 100 {
    if {[SSL::cert count] > 0} {
        set clientCert [X509::whole [SSL::cert 0]]
        set clientCertSubject [X509::subject [SSL::cert 0]]
        set clientCertHash [X509::hash [SSL::cert 0]]
        foreach field [ split $clientCertSubject ","] {
            if {$field starts_with "CN="} {
                set clientCommonName [getfield $field "=" 2]
            }
        }
    }
}
when HTTP_REQUEST {
    if {([info exists clientCert]) && ($clientCert ne "")} {
        HTTP::header insert X-Client-Cert $clientCert
    }
    if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
        HTTP::header insert X-Client-CN $clientCommonName
    }
    if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
        HTTP::header insert X-Client-hash $clientCertHash
    }
}
Hi IRONMAN,
when CLIENTSSL_CLIENTCERT priority 100 {
    if {[SSL::cert count] > 0} {
        set clientCert [X509::whole [SSL::cert 0]]
        set clientCertSubject [X509::subject [SSL::cert 0]]
        set clientCertHash [X509::hash [SSL::cert 0]]
        foreach field [ split $clientCertSubject ","] {
            if {$field starts_with "CN="} {
                set clientCommonName [getfield $field "=" 2]
            }
        }
    }
}
when HTTP_REQUEST {
    if {([info exists clientCert]) && ($clientCert ne "")} {
        HTTP::header insert X-SSL-Client-Cert $clientCert
    }
    if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
        HTTP::header insert X-SSL-Client-CN $clientCommonName
    }
    if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
        HTTP::header insert X-SSL-Client-SHA1 $clientCertHash
    }
}
- IRONMAN (Cirrostratus)
Please let me know, should I add the code below to set the $clientCertHash value from SSL?
if {$field starts_with "CN="} {
    set clientCommonName [getfield $field "=" 2]
}
You should use it for clientCommonName (X-SSL-Client-CN).
# for X-SSL-Client-CN
set clientCertSubject [X509::subject [SSL::cert 0]]
foreach field [ split $clientCertSubject ","] {
    if {$field starts_with "CN="} {
        set clientCommonName [getfield $field "=" 2]
    }
}
# for X-SSL-Client-SHA1
set clientCertHash [X509::hash [SSL::cert 0]]
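A hardened variant of the iRule discussed in this thread, added here as an example and not posted by any participant: it removes any client-supplied copies of the two requested headers before inserting the values taken from the certificate. With client authentication set to Request and plain HTTP on the server side, a client that presents no certificate could otherwise send its own X-SSL-Client-CN and X-SSL-Client-SHA1 and have them reach the back end unchanged. It assumes the back end wants only these two headers and that the value returned by X509::hash is in the format the back end expects for X-SSL-Client-SHA1.

```tcl
# Added example, not from the thread. Header names are the two the question
# asks for; the reset and remove steps are the additions.
when CLIENTSSL_CLIENTCERT priority 100 {
    # Reset state on every handshake so values from an earlier certificate
    # on this connection are never reused.
    set clientCommonName ""
    set clientCertHash ""

    if {[SSL::cert count] > 0} {
        # Assumption: the back end accepts X509::hash output as the fingerprint.
        set clientCertHash [X509::hash [SSL::cert 0]]

        foreach field [split [X509::subject [SSL::cert 0]] ","] {
            # Tolerate a space after the comma separating subject fields.
            set field [string trim $field]
            if {$field starts_with "CN="} {
                set clientCommonName [getfield $field "=" 2]
            }
        }
    }
}

when HTTP_REQUEST priority 100 {
    # Remove every copy of these headers that arrived from the client, so the
    # back end only ever sees values set below from the verified handshake.
    HTTP::header remove X-SSL-Client-CN
    HTTP::header remove X-SSL-Client-SHA1

    if {[info exists clientCommonName] && $clientCommonName ne ""} {
        HTTP::header insert X-SSL-Client-CN $clientCommonName
    }
    if {[info exists clientCertHash] && $clientCertHash ne ""} {
        HTTP::header insert X-SSL-Client-SHA1 $clientCertHash
    }
}
```

Because the server side is plain HTTP, the back end should accept these headers only on connections that come from the BIG-IP.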