Jim_24689
Nimbostratus
Oct 08, 2013
iRule and accepting a Client Cert
Hello, I am trying to configure two-way SSL on a V11 F5 LTM/ASM. I'd like to check the common name of the client cert presented by the client.
when CLIENTSSL_CLIENTCERT {
log ...
uni
Altocumulus
Oct 08, 2013
I think your client has not supplied a certificate. Check that [SSL::cert count] > 0 before executing [X509::subject [SSL::cert 0]]
uni
Altocumulus
Oct 08, 2013
The event is triggered. I have a rule which logs the cert count in that event, and it logs 0 regularly. Jim should look at the example in the Wiki: https://clouddocs.f5.com/api/irules/X509__subject.html
It does almost exactly what he wants. He will need to pick out the CN from the subject, e.g. change the test to
if { [X509::subject [SSL::cert 0]] contains "CN=my.common.name" }
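An added example, not part of the original thread or of F5's documentation: an iRule that combines the two suggestions above (check the certificate count first, then test the CN) but compares the CN value exactly, since a `contains` test also matches longer names that merely include the expected string. The expected CN value, the log wording and the assumption that subject attributes are separated by "," or "/" with no escaped separators inside values are illustrative.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Assumed value: the one common name this virtual server should accept.
    set expected_cn "my.common.name"

    # No certificate presented: there is no cert 0 to take a subject from.
    if { [SSL::cert count] < 1 } {
        log local0. "client [IP::client_addr] presented no certificate"
        reject
        return
    }

    set subject [X509::subject [SSL::cert 0]]

    # Split the subject into its attributes and pick out the CN.
    # Assumption: attributes are separated by "," or "/" and no value
    # contains an escaped separator.
    set cn ""
    foreach rdn [split $subject ",/"] {
        set rdn [string trim $rdn]
        if { [string match -nocase "CN=*" $rdn] } {
            set cn [string range $rdn 3 end]
            break
        }
    }

    # Exact comparison: "CN=my.common.name.example" or an attribute such as
    # "OU=CN=my.common.name" does not pass, as it would with "contains".
    if { [string equal -nocase $cn $expected_cn] } {
        log local0. "accepted client cert, CN=$cn"
    } else {
        log local0. "rejected client cert, subject=$subject"
        reject
    }
}
```

The CN check is only meaningful when the client SSL profile also validates the presented certificate against a trusted CA bundle; otherwise any self-issued certificate can carry the expected name.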