For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

IRONMAN's avatar
IRONMAN
Icon for Cirrostratus rankCirrostratus
Aug 30, 2019

HTTP header insert with CN and for SHA1 thumbprint of the SSL certificate ?

Hi Any one help to edit the below irule to match my requirement, HTTP header insert with CN(Certificate name) and for SHA1 thumbprint of the SSL certificate to backend servers.   LTM VIP is HTTPS w...
application delivery
iRules
LTM
security
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Aug 30, 2019
when CLIENTSSL_CLIENTCERT priority 100 {
    if {[SSL::cert count] > 0} {
        set clientCert [X509::whole [SSL::cert 0]]
        set clientCertSubject [X509::subject [SSL::cert 0]]
        set clientCertHash [X509::hash [SSL::cert 0]]
        foreach field [ split $clientCertSubject ","] {
            if {$field starts_with "CN="} {
                set clientCommonName [getfield $field "=" 2]
            }
        }
    }
}
 
when HTTP_REQUEST {
    if {(info exists clientCert) && ($clientCert ne "")} {
        HTTP::header insert X-Client-Cert $clientCert
    }
 
    if {(info exists clientCommonName) && ($clientCommonName ne "")} {
        HTTP::header insert X-Client-CN $clientCommonName
    }
 
    if {(info exists clientCertHash) && ($clientCertHash ne "")} {
        HTTP::header insert X-Client-hash $clientCertHash
    }
}