Forum Discussion

Cirrostratus

Aug 30, 2019

HTTP header insert with CN and for SHA1 thumbprint of the SSL certificate ?

Hi Any one help to edit the below irule to match my requirement, HTTP header insert with CN(Certificate name) and for SHA1 thumbprint of the SSL certificate to backend servers. LTM VIP is HTTPS w...

Cumulonimbus

Aug 31, 2019

Sorry didn’t have time to test and missed some [ ] out

when CLIENTSSL_CLIENTCERT priority 100 {
    if {[SSL::cert count] > 0} {
        set clientCert [X509::whole [SSL::cert 0]]
        set clientCertSubject [X509::subject [SSL::cert 0]]
        set clientCertHash [X509::hash [SSL::cert 0]]
        foreach field [ split $clientCertSubject ","] {
            if {$field starts_with "CN="} {
                set clientCommonName [getfield $field "=" 2]
            }
        }
    }
}
 
when HTTP_REQUEST {
    if {([info exists clientCert]) && ($clientCert ne "")} {
        HTTP::header insert X-Client-Cert $clientCert
    }
 
    if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
        HTTP::header insert X-Client-CN $clientCommonName
    }
 
    if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
        HTTP::header insert X-Client-hash $clientCertHash
    }
}

IRONMAN
Cirrostratus
Sep 11, 2019
I got my application team saying, they expecting this Header names,

X-SSL-Client-CN
X-SSL-Client-SHA1

Should i change as below?
please verify once

when HTTP_REQUEST {
  if {([info exists clientCert]) && ($clientCert ne "")} {
    HTTP::header insert X-Client-Cert $clientCert
  }

  if {([info exists clientCommonName]) && ($clientCommonName ne "")} {
    HTTP::header insert X-SSL-Client-CN $clientCommonName
  }

  if {([info exists clientCertHash]) && ($clientCertHash ne "")} {
    HTTP::header insert X-SSL-Client-SHA1 $clientCertHash
  }
}