Forum Discussion
Dennis_Kloosterman
Altostratus
AltostratusDoes X509::whole also insert the intermediate certificate(s)?
Hi,
I need to write an irule that, amongst other things, forwards a client certificate in an http header. That is normally done using the X509::whole option, but the application also requires the intermediate certificate(s). I can't imagine this command achieves that as the intermediate is to my knowledge not part of the X509 certificate, but I could be mistaken. Do any of you know this for certain? Also, if this will indeed not work, does anyone know a way to retrieve and forward the intermediate(s)?
jaikumar_f5Noctilucent
Actually the x509 whole gives you in pem format,
- jaikumar_f5
Actually, the below code should capture the Intermediate certs too.
when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0}{ if { [SSL::verify_result] == 0 }{ for {set i 0} {$i < [SSL::cert count]} {incr i}{ log local0. "CERT NUMBER= $i - SUBJECT= [X509::subject [SSL::cert $i]] - Issuer= [X509::issuer [SSL::cert $i]] - SERIAL= [X509::serial_number [SSL::cert $i]]" } } else { log local0. "Cert Info: [X509::verify_cert_error_string [SSL::verify_result]]" } } else { log local0. "No client certificate provided" } }If you think this helps your requirement, please mark the thread as solved.