How to read "Subject Key Identifier" value form a digital certificate

Question

Hi, &nbsp;
I am looking for a way to:&nbsp;
1) read "Subject Key Identifier" value form a digital certificate with an iRule (something like X509::subject [SSL::cert 0])&nbsp;
2) insert this value into a HTTP header inside the same iRule.&nbsp;
While there are many examples available about inserting HTTP headers, I did not find a way how to read "Subject Key Identifier" from a certificate. &nbsp;
Help appreciated! &nbsp;
Best regards,
Srecko&nbsp;

mimlo_61970 · Answer

Is this helpful?&nbsp;

https://devcentral.f5.com/questions/insert-common-name-value-to-http-header&nbsp;

chris_grant · Answer

The irule in this link should help you accomplish what you need to accomplish.

smilanic · Answer

With some help from F5, we were to solve this using APM and the following command in an iRule: 
"set SKI_Hex [findstr [ACCESS::session data get session.ssl.cert.x509extension] "Subject Key Identifier" 33 "X509v3"]"&nbsp;
This reads the contents of the SKI extension field from a certificate into "SKI_Hex". You can then insert it into a HTTP header as described in other posts. &nbsp;

Forum Discussion

How to read "Subject Key Identifier" value form a digital certificate

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Automating NGINX Certificate Rotation on AWS

My Security+ Certification Journey

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS