Forum Discussion

Altostratus

Nov 27, 2012

Generate SHA1 thumbprint of incoming SSL cert

Greetings! I have a request from a developer (below). I was hoping one of you could please help me come up with a solution? --------------- The F5 needs to generate an SHA1 thumbprint of th...

Cirrostratus

Dec 18, 2012

Actually, you might want to remove the cert headers regardless of whether the client presented a cert for the SSL session to prevent a client from injecting their own headers.


when HTTP_REQUEST {
HTTP::header remove SSLClientCertSubject
HTTP::header remove ClientCertThumbprint
if { [SSL::cert count] > 0 } {
HTTP::header insert SSLClientCertSubject [X509::subject [SSL::cert 0]]
binary scan [sha1 [SSL::cert 0]] H* cert_hex
HTTP::header insert ClientCertThumbprint $cert_hex
}
}

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Generate SHA1 thumbprint of incoming SSL cert

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Thumbprint of the client ssl certificate

F5 rSeries: Next-Generation Fully Automatable Hardware

F5 VELOS: A Next-Generation Fully Automatable Platform

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Generate API SDK for F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS