Forum Discussion
Sep 16, 2019
Hi IRONMAN,
when CLIENTSSL_CLIENTCERT priority 100 {
if {[SSL::cert count] > 0} {
set clientCert [X509::whole [SSL::cert 0]]
set clientCertSubject [X509::subject [SSL::cert 0]]
set clientCertHash [X509::hash [SSL::cert 0]]
foreach field [ split $clientCertSubject ","] {
if {$field starts_with "CN="} {
set clientCommonName [getfield $field "=" 2]
}
}
}
}
when HTTP_REQUEST {
if {([info exists clientCert]) && ($clientCert ne "")} {
HTTP::header insert X-SSL-Client-Cert $clientCert
}
if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
HTTP::header insert X-SSL-Client-CN $clientCommonName
}
if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
HTTP::header insert X-SSL-Client-SHA1 $clientCertHash
}
}
- IRONMANSep 16, 2019Cirrostratus
Please let me know, should i add below for set the $clientCertHash value from SSL?
if {$field starts_with "CN="} {
set clientCommonName [getfield $field "=" 2]
}
- Sep 16, 2019
You should use it for clientCommonName (X-SSL-Client-CN)
# for X-SSL-Client-CN
set clientCertSubject [X509::subject [SSL::cert 0]] foreach field [ split $clientCertSubject ","] { if {$field starts_with "CN="} { set clientCommonName [getfield $field "=" 2] } }
# for X-SSL-Client-SHA1
set clientCertHash [X509::hash [SSL::cert 0]]
- IRONMANSep 16, 2019Cirrostratus
Thanks Eaa,
So i get thumbprint value inserted as a header with below action.
- set clientCertHash [X509::hash [SSL::cert 0]]