How to read "Subject Key Identifier" value form a digital certificate

Question

Hi, &nbsp;
I am looking for a way to:&nbsp;
1) read "Subject Key Identifier" value form a digital certificate with an iRule (something like X509::subject [SSL::cert 0])&nbsp;
2) insert this value into a HTTP header inside the same iRule.&nbsp;
While there are many examples available about inserting HTTP headers, I did not find a way how to read "Subject Key Identifier" from a certificate. &nbsp;
Help appreciated! &nbsp;
Best regards,
Srecko&nbsp;

mimlo_61970 · Answer

Is this helpful?&nbsp;

https://devcentral.f5.com/questions/insert-common-name-value-to-http-header&nbsp;

chris_grant · Answer

The irule in this link should help you accomplish what you need to accomplish.

smilanic · Answer

With some help from F5, we were to solve this using APM and the following command in an iRule: 
"set SKI_Hex [findstr [ACCESS::session data get session.ssl.cert.x509extension] "Subject Key Identifier" 33 "X509v3"]"&nbsp;
This reads the contents of the SKI extension field from a certificate into "SKI_Hex". You can then insert it into a HTTP header as described in other posts. &nbsp;

Forum Discussion

How to read "Subject Key Identifier" value form a digital certificate

3 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Illegal Metacharacter in Parameter Name in Json Data

Cisco TACACS+ Config on ISE LTM Pair

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

Re: Management Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS