Stanislas_Piro2
May 16, 2017Cumulonimbus
Hi,
you can use this code:
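# When the client presents a certificate, extract its serial number, subject,
# issuer and validity dates, and cache them in the session table under the SSL
# session ID so that HTTP_REQUEST can forward them to the pool member.
when CLIENTSSL_CLIENTCERT {
    # Nothing to record when the peer sent no certificate.
    if { [SSL::cert count] < 1 } {
        return
    }

    # An empty session ID would make unrelated connections share a single
    # table entry, attributing one client's certificate to another.
    # NOTE(review): SSL::sessionid is expected to be empty when the session is
    # not held in the SSL session cache - confirm against the client SSL profile.
    set sess_id [SSL::sessionid]
    if { $sess_id eq "" } {
        return
    }

    set ssl_cert [SSL::cert 0]

    # Remove useless characters (spaces and colons) from the hex serial number.
    set sn_hex [string map {" " "" ":" ""} [X509::serial_number $ssl_cert]]

    # Convert hex to decimal. The value comes from a client-supplied
    # certificate, so it is validated as hex digits and the expression is
    # braced to avoid double substitution. Serial numbers can be much longer
    # than a 64-bit integer; 15 hex digits (60 bits) is the longest value that
    # is certain to convert without overflow, so longer serials are passed on
    # as an explicit 0x-prefixed hex string rather than a wrong decimal.
    if { [string is xdigit -strict $sn_hex] && [string length $sn_hex] <= 15 } {
        set sn [expr {"0x$sn_hex" + 0}]
    } else {
        set sn "0x$sn_hex"
    }

    set subject [X509::subject $ssl_cert]
    set issuer [X509::issuer $ssl_cert]
    set valid_from [X509::not_valid_before $ssl_cert]
    set valid_to [X509::not_valid_after $ssl_cert]

    # Stored order: 0 serial, 1 issuer, 2 subject, 3 not-before, 4 not-after.
    # Readers of this entry must index it in that order. Entry lifetime: 1800 s.
    session add uie $sess_id [list $sn $issuer $subject $valid_from $valid_to] 1800
}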
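# Forward the cached client-certificate details to the pool member as request
# headers. The pool member should trust these headers only on connections that
# come from this virtual server.
when HTTP_REQUEST {
    # Always strip any copies of these headers sent by the client first.
    # HTTP::header insert adds a header without replacing an existing one, so
    # without this step a client could supply its own certificate headers,
    # and they would reach the server untouched whenever no certificate entry
    # is found below.
    # NOTE(review): servers that treat "-" and "_" in header names as
    # equivalent also need the hyphenated spellings removed.
    foreach hdr_name {
        client_ip_address
        client_cert_serial_num
        client_cert_subject
        client_cert_issuer
        client_cert_valid_from
        client_cert_valid_to
    } {
        HTTP::header remove $hdr_name
    }

    # Without a session ID there is no per-client key to look up; an empty key
    # could match an entry that belongs to a different connection.
    set sess_id [SSL::sessionid]
    if { $sess_id eq "" } {
        return
    }

    # Entry layout written by CLIENTSSL_CLIENTCERT:
    # 0 serial, 1 issuer, 2 subject, 3 not-before, 4 not-after.
    set values [session lookup uie $sess_id]
    if { [lindex $values 0] ne "" } {
        HTTP::header insert client_ip_address [IP::client_addr]
        HTTP::header insert client_cert_serial_num [lindex $values 0]
        # Subject is index 2 and issuer is index 1 in the stored list; reading
        # them the other way round would label the issuer DN as the subject.
        HTTP::header insert client_cert_subject [lindex $values 2]
        HTTP::header insert client_cert_issuer [lindex $values 1]
        HTTP::header insert client_cert_valid_from [lindex $values 3]
        HTTP::header insert client_cert_valid_to [lindex $values 4]
    }
}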