Forum Discussion

Nimbostratus

May 15, 2017

convert SSL X509::serial_number into decimal

Hi Team, I have an irule to extract specific X509 information from client certificate and pass it onto servers. Irule is working as expected, but application has the requirement to convert X509:...

Cumulonimbus

May 16, 2017

Hi,

you can use this code :

when CLIENTSSL_CLIENTCERT {
    set ssl_cert [SSL::cert 0]
    set sn_hex [X509::serial_number $ssl_cert]
     remove useless characters 
    set sn_hex [string map {" " "" ":" ""} $sn_hex]
     convert hex to decimal 
    set sn [expr 0x$sn_hex]

    set subject [X509::subject $ssl_cert]   set issuer [X509::issuer $ssl_cert]
    set valid_from [X509::not_valid_before $ssl_cert]
    set valid_to [X509::not_valid_after $ssl_cert]
    session add uie [SSL::sessionid] [list $sn $issuer $subject $valid_from $valid_to] 1800
}

when HTTP_REQUEST {
    set values [session lookup uie [SSL::sessionid] ]
    if { [lindex $values 0] != "" } {
        HTTP::header insert client_ip_address [IP::client_addr]
        HTTP::header insert client_cert_serial_num [lindex $values 0]
        HTTP::header insert client_cert_subject [lindex $values 1]
        HTTP::header insert client_cert_issuer [lindex $values 2]
        HTTP::header insert client_cert_valid_from [lindex $values 3]
        HTTP::header insert client_cert_valid_to [lindex $values 4]
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)