How to read "Subject Key Identifier" value form a digital certificate

Question

Hi, &nbsp;
I am looking for a way to:&nbsp;
1) read "Subject Key Identifier" value form a digital certificate with an iRule (something like X509::subject [SSL::cert 0])&nbsp;
2) insert this value into a HTTP header inside the same iRule.&nbsp;
While there are many examples available about inserting HTTP headers, I did not find a way how to read "Subject Key Identifier" from a certificate. &nbsp;
Help appreciated! &nbsp;
Best regards,
Srecko&nbsp;

mimlo_61970 · Answer

Is this helpful?&nbsp;

https://devcentral.f5.com/questions/insert-common-name-value-to-http-header&nbsp;

chris_grant · Answer

The irule in this link should help you accomplish what you need to accomplish.

smilanic · Answer

With some help from F5, we were to solve this using APM and the following command in an iRule: 
"set SKI_Hex [findstr [ACCESS::session data get session.ssl.cert.x509extension] "Subject Key Identifier" 33 "X509v3"]"&nbsp;
This reads the contents of the SKI extension field from a certificate into "SKI_Hex". You can then insert it into a HTTP header as described in other posts. &nbsp;

Forum Discussion

How to read "Subject Key Identifier" value form a digital certificate

3 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

Cannot ping external interface

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

Re: Management Certificate

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS