Forum Discussion

Jason_Drake_204's avatar
Jason_Drake_204
Icon for Nimbostratus rankNimbostratus
Jul 07, 2015

Forwarding of X509 HTTP Header to application after termination of SSL

Hi, I'm fairly new to F5 and was wondering if there was a way to insert part of the x509::subject to the HTTP header.

A regular iRule for this would look partly like this

when HTTP_REQUEST {

if { [SSL::cert count] > 0 } {
    HTTP::header insert CERTSUBJECT [X509::subject [SSL::cert 0]]
}

}

however I would like to just get the 10 digit EDIPI 9999999999 below:

Subject CN=John.D.Smith.9999999999,OU=CONTRACTOR,OU=PKI,OU=DoD,O=U.S.

Is there a way to do this? Thanks J

  • You can use a combination of string operations to get to this value. Try this:

    set subj [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
    set EDIPI [string range $subj [expr [string last "." $subj] +1] end]
    

    The finsdtr command will return everything after "CN=" and before the next comma:

    John.D.Smith.9999999999
    

    And the string functions will return the value after the last period to the end of the string.