For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Aug 30, 2019

HTTP header insert with CN and for SHA1 thumbprint of the SSL certificate ?

Hi Any one help to edit the below irule to match my requirement, HTTP header insert with CN(Certificate name) and for SHA1 thumbprint of the SSL certificate to backend servers.   LTM VIP is HTTPS w...
application delivery
iRules
LTM
security
IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Aug 30, 2019

Thanks, I modified it please check once

 

when CLIENTSSL_CLIENTCERT priority 100 {

  if {[SSL::cert count] > 0} {

    set clientCert [X509::whole [SSL::cert 0]]

    set clientCertSubject [X509::subject [SSL::cert 0]]

    set cert_hash [X509::hash [SSL::cert 0]]

 

    foreach field [ split $clientCertSubject ","] {

      if {$field starts_with "CN="} {

        set clientCommonName [getfield $field "=" 2]

      }

    }

  }

}

 

when HTTP_REQUEST {

  if {(info exists clientCert) && ($clientCert ne "") } {

    HTTP::header insert X-Client-Cert $clientCert

  }

 

  if {(info exists clientCommonName) && ($clientCommonName ne "") } {

    HTTP::header insert X-Client-CN $clientCommonName

  }

 

  {

    HTTP::header insert X-Client-CN $clientCommonName

  }

}