Forum Discussion

SMilanic's avatar
SMilanic
Icon for Cirrus rankCirrus
Apr 18, 2016

How to read "Subject Key Identifier" value form a digital certificate

Hi,

 

I am looking for a way to:

 

1) read "Subject Key Identifier" value form a digital certificate with an iRule (something like X509::subject [SSL::cert 0])

 

2) insert this value into a HTTP header inside the same iRule.

 

While there are many examples available about inserting HTTP headers, I did not find a way how to read "Subject Key Identifier" from a certificate.

 

Help appreciated!

 

Best regards, Srecko

 

  • With some help from F5, we were to solve this using APM and the following command in an iRule: "set SKI_Hex [findstr [ACCESS::session data get session.ssl.cert.x509extension] "Subject Key Identifier" 33 "X509v3"]"

     

    This reads the contents of the SKI extension field from a certificate into "SKI_Hex". You can then insert it into a HTTP header as described in other posts.

     

  • Is this helpful?

     

    https://devcentral.f5.com/questions/insert-common-name-value-to-http-header

     

    • Chris_Grant's avatar
      Chris_Grant
      Icon for Employee rankEmployee
      The irule in this link should help you accomplish what you need to accomplish.