For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RiverFish's avatar
RiverFish
Icon for Altostratus rankAltostratus
Nov 27, 2012

Generate SHA1 thumbprint of incoming SSL cert

Greetings! I have a request from a developer (below). I was hoping one of you could please help me come up with a solution?   ---------------   The F5 needs to generate an SHA1 thumbprint of th...
application delivery
dev
devops
iRules
RiverFish's avatar
RiverFish
Icon for Altostratus rankAltostratus
Dec 18, 2012
Just wanted to post an update. Hoolio's iRule made it through test, QA, and is now in production. It takes the SHA1 thumbprint of the incoming SSL cert, converts it to hex, and inserts it into the header. It also takes the cert subject of the incoming SSL cert and inserts it into the header. Lastly, it scrubs any pre-existing headers before inserting the new ones as an extra measure of security. Thanks again Hoolio, and thanks to everyone else who pitched in. Here is the iRule again in final form:

 

 

when HTTP_REQUEST {

 

if { [SSL::cert count] > 0 } {

 

HTTP::header remove SSLClientCertSubject

 

HTTP::header insert SSLClientCertSubject [X509::subject [SSL::cert 0]]

 

 

binary scan [sha1 [SSL::cert 0]] H* cert_hex

 

HTTP::header remove ClientCertThumbprint

 

HTTP::header insert ClientCertThumbprint $cert_hex

 

}

 

}