IRONMAN
Sep 14, 2019 Cirrostratus
Client SSL Authentication info need to send back server, in HTTP header?
Can anyone guide me here? I have a requirement to send the below headers to the back-end servers in the HTTP header. I am creating a client profile for Client Authentication with the Request method. Ser...
Hi IRONMAN,
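when CLIENTSSL_CLIENTCERT priority 100 {
    # Capture the certificate details once the client has presented a certificate
    if {[SSL::cert count] > 0} {
        set clientCert [X509::whole [SSL::cert 0]]
        set clientCertSubject [X509::subject [SSL::cert 0]]
        set clientCertHash [X509::hash [SSL::cert 0]]
        # Pull the CN out of the comma-separated subject string
        foreach field [split $clientCertSubject ","] {
            if {$field starts_with "CN="} {
                set clientCommonName [getfield $field "=" 2]
            }
        }
    }
}
when HTTP_REQUEST {
    # Remove any copies of these headers sent by the client, so the back end
    # only ever sees values set from the TLS handshake
    HTTP::header remove X-SSL-Client-Cert
    HTTP::header remove X-SSL-Client-CN
    HTTP::header remove X-SSL-Client-SHA1
    if {([info exists clientCert]) && ($clientCert ne "")} {
        HTTP::header insert X-SSL-Client-Cert $clientCert
    }
    if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
        HTTP::header insert X-SSL-Client-CN $clientCommonName
    }
    if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
        HTTP::header insert X-SSL-Client-SHA1 $clientCertHash
    }
}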
IRONMAN
Sep 16, 2019 Cirrostratus
Please let me know, should I add the below to set the $clientCertHash value from SSL?
if {$field starts_with "CN="} {
    set clientCommonName [getfield $field "=" 2]
}
- Sep 16, 2019
You should use it for clientCommonName (X-SSL-Client-CN).
# for X-SSL-Client-CN
set clientCertSubject [X509::subject [SSL::cert 0]]
foreach field [split $clientCertSubject ","] {
    if {$field starts_with "CN="} {
        set clientCommonName [getfield $field "=" 2]
    }
}
# for X-SSL-Client-SHA1
set clientCertHash [X509::hash [SSL::cert 0]]
- IRONMAN Sep 16, 2019 Cirrostratus
Thanks Eaa,
So I get the thumbprint value inserted as a header with the below action.
- set clientCertHash [X509::hash [SSL::cert 0]]